Windows Analysis Report AirServer-5.6.3-x64.msi

Overview

General Information

Sample Name:AirServer-5.6.3-x64.msi
Analysis ID:531974
MD5:d0c1f8b537d6aa6b339158107bd34d3a
SHA1:1317ae28f2b43ddfadd1e5311defaa678277be6f
SHA256:4a92c6e42fb2bec9fb177f6d379b3e86728d81bfe3f69fc53c175c13532b586f

Detection

Score:15
Range:0 - 100
Whitelisted:false
Confidence:0%

Compliance

Score:64
Range:0 - 100

Signatures

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Binary contains a suspicious time stamp
Enables security privileges
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

Classification chart (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
  • System is w10x64
  • msiexec.exe (PID: 7004 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\AirServer-5.6.3-x64.msi" MD5: 4767B71A318E201188A0D0A420C8B608)
  • msiexec.exe (PID: 7072 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 7124 cmdline: C:\Windows\System32\MsiExec.exe -Embedding E5F19836F2EFEDEA7D20143B7909D44E C MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 5980 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding DE98669833787A5BCD3688E5E5104924 C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
      • AirServer.exe (PID: 5856 cmdline: "C:\Program Files\App Dynamic\AirServer\AirServer.exe" MD5: 071272D03169059BDAE6EBC2F9AA4E95)
    • msiexec.exe (PID: 2600 cmdline: C:\Windows\System32\MsiExec.exe -Embedding DF281BC9618F703C8F33F0E3DF4ECD49 MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 4652 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 41F685AE3C5DD01F383113B00015CD43 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
    • msiexec.exe (PID: 3280 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 03451E8C3EBFF85C7ADF5F150695B524 E Global\MSI0000 MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 5468 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding C752507715D0B25B1403AC3E49A0321D E Global\MSI0000 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
      • wevtutil.exe (PID: 6108 cmdline: wevtutil.exe" im "C:\Program Files\App Dynamic\AirServer\AirServerEvents.man MD5: 27C3944EC1E3CAD62641ECBCEB107EE9)
        • conhost.exe (PID: 4240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • wevtutil.exe (PID: 6540 cmdline: "wevtutil.exe" im "C:\Program Files\App Dynamic\AirServer\AirServerEvents.man" /fromwow64 MD5: 17C934058CEC0E97D424EBD8413F01E2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance:

Creates license or readme file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\EndUserLicenseAgreement.rtf
Creates a software uninstall entry
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB1CAF36-ADD5-431A-8CBC-6A92A48C7247}
Creates a directory in C:\Program Files
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\ADRuntime.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\ADSparkle.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServer.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerConsole.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerEvents.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerEvents.man
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerMediaFoundationObjects.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerMediaHandlers.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avcodec-58.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avdevice-58.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avfilter-7.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avformat-58.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avutil-56.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\concrt140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\d3dcompiler_47.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\EndUserLicenseAgreement.rtf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\Installing AirServer.pdf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\swresample-3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\swscale-5.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\vccorlib140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\vcruntime140.dll
PE / OLE file has a valid certificate
Source: AirServer-5.6.3-x64.msi Static PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavformat\avformat-58.pdbLL source: AirServer.exe, 00000012.00000002.939081835.00007FFA9818B000.00000002.00020000.sdmp, avformat-58.dll.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: AirServer.exe, 00000012.00000002.945322124.00007FFAABE32000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavfilter\avfilter-7.pdb source: AirServer.exe, 00000012.00000002.944735455.00007FFA9B0D2000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavformat\avformat-58.pdb source: AirServer.exe, 00000012.00000002.939081835.00007FFA9818B000.00000002.00020000.sdmp, avformat-58.dll.1.dr
Source: Binary string: ..\..\..\..\..\..\Work\openssl-openssl\crypto\stack\stack.ccompiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Ox /Gs0 /GF /Gy /W3 /wd4090 /nologo /Ox /O2 /Ob2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Mon Aug 3 16:44:03 2020 UTCplatform: VC-WIN64A-ONECOREOPENSSLDIR: "C:\Work\QuickPlay-bins\win32-msvc2017\x86_64\openssl-1.1"ENGINESDIR: "C:\Work\QuickPlay-bins\win32-msvc2017\x86_64\openssl-1.1\lib\engines-1_1"not available..\..\..\..\..\..\Work\openssl-openssl\crypto\ex_data.c..\..\..\..\..\..\Work\openssl-openssl\crypto\init.c..\..\..\..\..\..\Work\openssl-openssl\crypto\bio\bio_lib.c source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: AirServer.exe, 00000012.00000002.944488583.00007FFA98B17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServer.pdb source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libswresample\swresample-3.pdb source: AirServer.exe, 00000012.00000002.944679793.00007FFA9B093000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADSparkle.pdb source: AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerSetupActions.pdb source: 4ec848.msi.1.dr
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavutil\avutil-56.pdb^^ source: AirServer.exe, 00000012.00000002.944840663.00007FFA9B1AD000.00000002.00020000.sdmp, avutil-56.dll.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: AirServer.exe, 00000012.00000002.945113803.00007FFA9B970000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavcodec\avcodec-58.pdb source: AirServer.exe, 00000012.00000002.944078212.00007FFA9857F000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavdevice\avdevice-58.pdb source: AirServer.exe, 00000012.00000002.945413386.00007FFAAF7F7000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerMediaHandlers.pdb source: AirServer.exe, 00000012.00000002.945257945.00007FFAABDCF000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServer.pdbe source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerMediaHandlers.pdb11(GCTL source: AirServer.exe, 00000012.00000002.945257945.00007FFAABDCF000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerEvents.pdb source: AirServer.exe, 00000012.00000002.945436921.00007FFAB0404000.00000002.00020000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: AirServer.exe, 00000012.00000002.944488583.00007FFA98B17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libswscale\swscale-5.pdb source: AirServer.exe, 00000012.00000002.938946437.00007FFA980D4000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libswscale\swscale-5.pdb'' source: AirServer.exe, 00000012.00000002.938946437.00007FFA980D4000.00000002.00020000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Ox /Gs0 /GF /Gy /W3 /wd4090 /nologo /Ox /O2 /Ob2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: AirServer.exe, 00000012.00000002.944488583.00007FFA98B17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavutil\avutil-56.pdb source: AirServer.exe, 00000012.00000002.944840663.00007FFA9B1AD000.00000002.00020000.sdmp, avutil-56.dll.1.dr
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADRuntime.pdbrr,GCTL source: AirServer.exe, 00000012.00000002.944985826.00007FFA9B432000.00000002.00020000.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: AirServer.exe, 00000012.00000002.945167426.00007FFAAB74D000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libswresample\swresample-3.pdb source: AirServer.exe, 00000012.00000002.944679793.00007FFA9B093000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADSparkle.pdb>>2GCTL source: AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavfilter\avfilter-7.pdb** source: AirServer.exe, 00000012.00000002.944735455.00007FFA9B0D2000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADRuntime.pdb source: AirServer.exe, 00000012.00000002.944985826.00007FFA9B432000.00000002.00020000.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: %SNot authorizedingestionInfoNo id on streamingestionAddressstreamNamehttps://www.googleapis.com/youtube/v3/liveBroadcasts?part=status,contentDetails,snippet&default=trueNo streaming address on streamhttps://www.googleapis.com/youtube/v3/liveBroadcasts?part=id,snippethttps://www.googleapis.com/youtube/v3/liveStreams?part=cdn,snippet&default=truehttps://www.youtube.com/live_dashboardThere was a problem with live streaming. Please check your <a href="https://www.youtube.com/live_dashboard">live dashboard</a> and try again.https://www.youtube.com/watch?v=c:\work\airserver-elephant\windows\airserver\youtubedialog.cpp360p480phttps://accounts.google.com/ManageAccount240p equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: 04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: There was a problem with live streaming. Please check your <a href="https://www.youtube.com/live_dashboard">live dashboard</a> and try again. equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: User not allowed to stream. <a href="https://www.youtube.com/features">Click for more information</a> equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/auth/youtube equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.933798488.0000028D4E818000.00000004.00000020.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts/bind?id=%s&part=id,contentDetails,snippet,status&streamId=%s equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.933798488.0000028D4E818000.00000004.00000020.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts/bind?id=%s&part=id,contentDetails,snippet,status&streamId=%so9 equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts/transition?part=status&id=%s&broadcastStatus=complete equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?id=%s equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?id=%s[ equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?part=id,snippet equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?part=snippet,status,contentDetails equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?part=snippet,status,contentDetailshttps://www.googleapis.com/youtube/v3/liveStreams?part=snippet,cdnhttps://www.googleapis.com/youtube/v3/liveBroadcasts?id=%shttps://www.googleapis.com/auth/youtubehttps://www.googleapis.com/youtube/v3/liveBroadcasts/bind?id=%s&part=id,contentDetails,snippet,status&streamId=%sUnable to parse error %SRequest failedmessagec:\work\airserver-elephant\windows\airserver\youtubeapi.cppliveStreamingNotEnablederrorsStreaming cancelledUser not allowed to stream. <a href="https://www.youtube.com/features">Click for more information</a>Unable to parse replyError without contenttitlestatussnippetAuthorization cancelledcontentDetailshttps://www.googleapis.com/youtube/v3/liveBroadcasts/transition?part=status&id=%s&broadcastStatus=completecdnhttps://www.googleapis.com/youtube/v3/liveStreams?part=status&id=%sout %SstreamStatusitemsNo statushealthStatusnoDataLive stream status %S, health: equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?part=status,contentDetails,snippet&default=true equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveStreams?part=cdn,snippet&default=true equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.933798488.0000028D4E818000.00000004.00000020.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveStreams?part=snippet,cdn equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.googleapis.com/youtube/v3/liveStreams?part=status&id=%s equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.youtube.com/live_dashboard equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://%s%s.localstopped
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://127.0.0.1
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp String found in binary or memory: http://WWW.MPEGLA.COM
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://bugreports.qt.io/
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AirServer.exe, 00000012.00000000.814981436.00007FF6C6E88000.00000002.00020000.sdmp String found in binary or memory: http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=967004087&mt=8
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0H
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0I
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://schemas.appdynamic.com/airserver/2014/as
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.933798488.0000028D4E818000.00000004.00000020.sdmp String found in binary or memory: http://schemas.upnp.org/upnp/1/0/
Source: AirServer.exe, 00000012.00000002.945226399.00007FFAABD25000.00000002.00020000.sdmp String found in binary or memory: http://winsparkle.org)
Source: AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.944985826.00007FFA9B432000.00000002.00020000.sdmp String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://www.dns-sd.org/ServiceTypes.html
Source: AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp String found in binary or memory: http://www.kennettnet.co.uk/xml-namespaces/sparkleDotNET
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp String found in binary or memory: http://www.openssl.org/)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://www.phreedom.org/md5)
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://MovieViewUsingDirectShow::PlayFile.http://MovieViewUsingDirectShow::CreateSession
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://accounts.google.com/ManageAccount240p
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/token
Source: AirServer.exe, 00000012.00000002.945075292.00007FFA9B470000.00000002.00020000.sdmp String found in binary or memory: https://activation.airserver.com
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://cast.airserver.com
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/device/appFetched
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp, avformat-58.dll.1.dr, avutil-56.dll.1.dr String found in binary or memory: https://www.airserver.com
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.airserver.com/
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.airserver.com/App
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp String found in binary or memory: https://www.airserver.com/Download/MSKB/2975719
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp String found in binary or memory: https://www.airserver.com/Download/MacPC
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.airserver.com/Support/Firewall??appId=com.pratikkumar.airserver-pc&code=%s&udid=%s&lang=
Source: 4ec848.msi.1.dr String found in binary or memory: https://www.airserver.com/Support/Licensing
Source: 4ec848.msi.1.dr String found in binary or memory: https://www.airserver.com/Support/LicensingActivation
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp String found in binary or memory: https://www.airserver.com/Support/Ports3I
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp String found in binary or memory: https://www.airserver.com/Supportwuauclt.exe%s
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.airserver.com/buy/pcopenactivate
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmpString found in binary or memory: https://www.airserver.com/downloads/pc/appcast.xml
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmpString found in binary or memory: https://www.airserver.com/downloads/pc/appcast.xml-----BEGIN
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmpString found in binary or memory: https://www.airserver.com/support/ContactUs
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmpString found in binary or memory: https://www.airserver.com/support/Miracast-Troubleshoot
Source: AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmpString found in binary or memory: https://www.airserver.com/support/PC-Requirements
Source: avformat-58.dll.1.dr, avutil-56.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtube
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtubeM
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/userinfo
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/userinfohttp://127.0.0.14IeU5GfyyN2y-8uHF3b4vUFz881244297035-jt
Source: AirServer.exe, 00000012.00000002.933798488.0000028D4E818000.00000004.00000020.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts/bind?id=%s&part=id
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts/transition?part=status&id=%s&broadcastStatus=co
Source: AirServer.exe, 00000012.00000002.933828356.0000028D4E864000.00000004.00000020.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?id=%s
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?id=%shttps://www.googleapis.com/auth/youtubehtt
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?part=id
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?part=snippet
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveBroadcasts?part=status
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveStreams?part=cdn
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.933798488.0000028D4E818000.00000004.00000020.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveStreams?part=snippet
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/youtube/v3/liveStreams?part=status&id=%s
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.youtube.com/features
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.youtube.com/live_dashboard
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.youtube.com/live_dashboardThere
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=
Source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=c:
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSID20A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4ec846.msi
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exeCode function: String function: 00007FFA980CE250 appears 253 times
Source: AirServer.exe.1.drStatic PE information: Resource name: RT_BITMAP type: GLF_BINARY_LSB_FIRST
Source: AirServer.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ADSparkle.dll.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\wevtutil.exeProcess token adjusted: Security
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\AirServer-5.6.3-x64.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding E5F19836F2EFEDEA7D20143B7909D44E C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DE98669833787A5BCD3688E5E5104924 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding DF281BC9618F703C8F33F0E3DF4ECD49
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 41F685AE3C5DD01F383113B00015CD43
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 03451E8C3EBFF85C7ADF5F150695B524 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C752507715D0B25B1403AC3E49A0321D E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\App Dynamic\AirServer\AirServerEvents.man"
Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\wevtutil.exe "wevtutil.exe" im "C:\Program Files\App Dynamic\AirServer\AirServerEvents.man" /fromwow64
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\App Dynamic\AirServer\AirServer.exe "C:\Program Files\App Dynamic\AirServer\AirServer.exe"
Source: C:\Windows\System32\wevtutil.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI645C.tmp
Source: classification engineClassification label: clean15.evad.winMSI@21/62@0/1
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini
Source: Installing AirServer.pdf.1.drInitial sample: http://www.airserver.com/
Source: Installing AirServer.pdf.1.drInitial sample: http://support.microsoft.com/kb/255905
Source: Installing AirServer.pdf.1.drInitial sample: mailto:support@airserver.com
Source: Installing AirServer.pdf.1.drInitial sample: https://www.microsoft.com/download/details.aspx?id=49984
Source: Installing AirServer.pdf.1.drInitial sample: http://www.appdynamic.com/
Source: AirServer-5.6.3-x64.msiStatic file information: TRID: Microsoft Windows Installer (77509/1) 63.77%
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4240:120:WilError_01
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB1CAF36-ADD5-431A-8CBC-6A92A48C7247}
Source: AirServer-5.6.3-x64.msiStatic file information: File size 15478784 > 1048576
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\ADRuntime.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\ADSparkle.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServer.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerConsole.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerEvents.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerEvents.man
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerMediaFoundationObjects.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\AirServerMediaHandlers.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avcodec-58.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avdevice-58.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avfilter-7.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avformat-58.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\avutil-56.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\concrt140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\d3dcompiler_47.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\EndUserLicenseAgreement.rtf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\Installing AirServer.pdf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\swresample-3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\swscale-5.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\vccorlib140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\App Dynamic\AirServer\vcruntime140.dll
Source: AirServer-5.6.3-x64.msiStatic PE information: certificate valid
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavformat\avformat-58.pdbLL source: AirServer.exe, 00000012.00000002.939081835.00007FFA9818B000.00000002.00020000.sdmp, avformat-58.dll.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: AirServer.exe, 00000012.00000002.945322124.00007FFAABE32000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavfilter\avfilter-7.pdb source: AirServer.exe, 00000012.00000002.944735455.00007FFA9B0D2000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavformat\avformat-58.pdb source: AirServer.exe, 00000012.00000002.939081835.00007FFA9818B000.00000002.00020000.sdmp, avformat-58.dll.1.dr
Source: Binary string: ..\..\..\..\..\..\Work\openssl-openssl\crypto\stack\stack.c; compiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Ox /Gs0 /GF /Gy /W3 /wd4090 /nologo /Ox /O2 /Ob2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM; OpenSSL 1.1.1g 21 Apr 2020; built on: Mon Aug 3 16:44:03 2020 UTC; platform: VC-WIN64A-ONECORE; OPENSSLDIR: "C:\Work\QuickPlay-bins\win32-msvc2017\x86_64\openssl-1.1"; ENGINESDIR: "C:\Work\QuickPlay-bins\win32-msvc2017\x86_64\openssl-1.1\lib\engines-1_1"; not available; ..\..\..\..\..\..\Work\openssl-openssl\crypto\ex_data.c; ..\..\..\..\..\..\Work\openssl-openssl\crypto\init.c; ..\..\..\..\..\..\Work\openssl-openssl\crypto\bio\bio_lib.c source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServer.pdb source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libswresample\swresample-3.pdb source: AirServer.exe, 00000012.00000002.944679793.00007FFA9B093000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADSparkle.pdb source: AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerSetupActions.pdb source: 4ec848.msi.1.dr
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavutil\avutil-56.pdb^^ source: AirServer.exe, 00000012.00000002.944840663.00007FFA9B1AD000.00000002.00020000.sdmp, avutil-56.dll.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: AirServer.exe, 00000012.00000002.945113803.00007FFA9B970000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavcodec\avcodec-58.pdb source: AirServer.exe, 00000012.00000002.944078212.00007FFA9857F000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavdevice\avdevice-58.pdb source: AirServer.exe, 00000012.00000002.945413386.00007FFAAF7F7000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerMediaHandlers.pdb source: AirServer.exe, 00000012.00000002.945257945.00007FFAABDCF000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServer.pdbe source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerMediaHandlers.pdb11(GCTL source: AirServer.exe, 00000012.00000002.945257945.00007FFAABDCF000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\AirServerEvents.pdb source: AirServer.exe, 00000012.00000002.945436921.00007FFAB0404000.00000002.00020000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: AirServer.exe, 00000012.00000002.944488583.00007FFA98B17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libswscale\swscale-5.pdb source: AirServer.exe, 00000012.00000002.938946437.00007FFA980D4000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libswscale\swscale-5.pdb'' source: AirServer.exe, 00000012.00000002.938946437.00007FFA980D4000.00000002.00020000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Ox /Gs0 /GF /Gy /W3 /wd4090 /nologo /Ox /O2 /Ob2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: AirServer.exe, 00000012.00000002.944488583.00007FFA98B17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavutil\avutil-56.pdb source: AirServer.exe, 00000012.00000002.944840663.00007FFA9B1AD000.00000002.00020000.sdmp, avutil-56.dll.1.dr
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADRuntime.pdbrr,GCTL source: AirServer.exe, 00000012.00000002.944985826.00007FFA9B432000.00000002.00020000.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: AirServer.exe, 00000012.00000002.945167426.00007FFAAB74D000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADSparkle.pdb>>2GCTL source: AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp
Source: Binary string: C:\Work\FFMpeg\ffmpeg\Windows10\Win32\x64\libavfilter\avfilter-7.pdb** source: AirServer.exe, 00000012.00000002.944735455.00007FFA9B0D2000.00000002.00020000.sdmp
Source: Binary string: C:\Work\airserver-elephant\Windows\bin\x64\Release\ADRuntime.pdb source: AirServer.exe, 00000012.00000002.944985826.00007FFA9B432000.00000002.00020000.sdmp
Source: AirServer.exe.1.drStatic PE information: section name: .rodata
Source: avcodec-58.dll.1.drStatic PE information: section name: _RDATA
Source: avcodec-58.dll.1.drStatic PE information: section name: .00cfg
Source: avdevice-58.dll.1.drStatic PE information: section name: .00cfg
Source: avfilter-7.dll.1.drStatic PE information: section name: .00cfg
Source: avformat-58.dll.1.drStatic PE information: section name: .00cfg
Source: avutil-56.dll.1.drStatic PE information: section name: .00cfg
Source: msvcp140.dll.1.drStatic PE information: section name: .didat
Source: swresample-3.dll.1.drStatic PE information: section name: .00cfg
Source: d3dcompiler_47.dll.1.drStatic PE information: 0x9763B883 [Sun Jun 26 22:21:55 2050 UTC]
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\concrt140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIDAD7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI6062.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\AirServerConsole.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI810C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID4CA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE7FB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\d3dcompiler_47.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI154A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\avformat-58.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\AirServerMediaFoundationObjects.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIED6B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\AirServerMediaHandlers.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\avutil-56.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIDDC6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\ADSparkle.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI18A6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIB1C2.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\avdevice-58.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1E46.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\vccorlib140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE6D1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\ADRuntime.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI144F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE317.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\AirServer.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\swresample-3.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID20A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1383.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\avfilter-7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1B57.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE086.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\AirServerEvents.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\swscale-5.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\avcodec-58.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI645C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\App Dynamic\AirServer\EndUserLicenseAgreement.rtf
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirServer Universal (x64)
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirServer Universal (x64)\AirServer Universal (x64).lnk
Source: C:\Windows\System32\msiexec.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\App Dynamic\AirServer\AirServerConsole.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\App Dynamic\AirServer\vccorlib140.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSID4CA.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE6D1.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI144F.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE317.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\App Dynamic\AirServer\AirServerMediaFoundationObjects.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE086.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIED6B.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1E46.tmp
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe Window / User API: threadDelayed 1981
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe Window / User API: threadDelayed 2446
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: AirServer.exe, 00000012.00000003.833216551.0000028D4E8C0000.00000004.00000001.sdmp Binary or memory string: VMware
Source: AirServer.exe, 00000012.00000003.833216551.0000028D4E8C0000.00000004.00000001.sdmp Binary or memory string: Win32_OperatingSystem{D85F242A-96CD-4D0F-84EF-44443833105D}s)VMware483RXYK1W
Source: AirServer.exe, 00000012.00000002.944050285.00007FFA9854B000.00000002.00020000.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe Code function: 18_2_00007FFA980F3080 IsDebuggerPresent,
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\App Dynamic\AirServer\AirServer.exe "C:\Program Files\App Dynamic\AirServer\AirServer.exe"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\wevtutil.exe wevtutil.exe" im "C:\Program Files\App Dynamic\AirServer\AirServerEvents.man
Source: AirServer.exe, 00000012.00000002.933999855.0000028D4ECA0000.00000002.00020000.sdmp Binary or memory string: Program Manager
Source: AirServer.exe, 00000012.00000002.933999855.0000028D4ECA0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: AirServer.exe, 00000012.00000002.933999855.0000028D4ECA0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: AirServer.exe, 00000012.00000002.933999855.0000028D4ECA0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files\App Dynamic\AirServer\AirServer.exe Code function: 18_2_00007FF6C612FB10 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Spearphishing Link 1 | Windows Management Instrumentation 121 | Windows Service 1 | Windows Service 1 | Masquerading 22 | OS Credential Dumping | System Time Discovery 1 | Replication Through Removable Media 1 | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Replication Through Removable Media 1 | Scheduled Task/Job | Registry Run Keys / Startup Folder 1 | Process Injection 12 | Virtualization/Sandbox Evasion 121 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | DLL Side-Loading 1 | Registry Run Keys / Startup Folder 1 | Process Injection 12 | Security Account Manager | Security Software Discovery 131 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | DLL Side-Loading 1 | Deobfuscate/Decode Files or Information 1 | NTDS | Virtualization/Sandbox Evasion 121 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 1 | LSA Secrets | Process Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Timestomp 1 | Cached Domain Credentials | Application Window Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading 1 | DCSync | Peripheral Device Discovery 11 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | File Deletion 1 | Proc Filesystem | File and Directory Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery 25 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction
Behavior Graph (image not reproduced)

Behavior Graph ID: 531974; Sample: AirServer-5.6.3-x64.msi; Startdate: 01/12/2021; Architecture: WINDOWS; Score: 15
Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet
Signature shown: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Processes shown: msiexec.exe (two top-level instances), child msiexec.exe instances, wevtutil.exe, conhost.exe, AirServer.exe, 3 other processes
Dropped files shown: C:\Program Files\...\AirServer.exe (PE32+), C:\Windows\Installer\MSIED6B.tmp (PE32), C:\Windows\Installer\MSIE7FB.tmp (PE32), C:\Users\user\AppData\Local\...\MSIB1C2.tmp (PE32), C:\Users\user\AppData\Local\...\MSI810C.tmp (PE32+), C:\Users\user\AppData\Local\...\MSI645C.tmp (PE32+), C:\Users\user\AppData\Local\...\MSI6062.tmp (PE32), 31 other files (none is malicious)
DNS/IP shown: 192.168.2.1 (unknown), contacted by AirServer.exe

Source | Detection | Scanner | Label | Link
AirServer-5.6.3-x64.msi | 0% | Virustotal |  | Browse
AirServer-5.6.3-x64.msi | 0% | Metadefender |  | Browse
AirServer-5.6.3-x64.msi | 0% | ReversingLabs |  |
Source | Detection | Scanner | Label | Link
C:\Program Files\App Dynamic\AirServer\ADRuntime.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\ADSparkle.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\AirServer.exe | 0% | Metadefender |  | Browse
C:\Program Files\App Dynamic\AirServer\AirServer.exe | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\AirServerConsole.exe | 3% | Metadefender |  | Browse
C:\Program Files\App Dynamic\AirServer\AirServerConsole.exe | 2% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\AirServerEvents.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\AirServerMediaFoundationObjects.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\AirServerMediaHandlers.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\avcodec-58.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\avdevice-58.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\avfilter-7.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\avformat-58.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\avutil-56.dll | 0% | ReversingLabs |  |
C:\Program Files\App Dynamic\AirServer\concrt140.dll | 0% | Metadefender |  | Browse
C:\Program Files\App Dynamic\AirServer\concrt140.dll | 0% | ReversingLabs |  |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://schemas.appdynamic.com/airserver/2014/as | 0% | Avira URL Cloud | safe |
http://www.phreedom.org/md5) | 0% | URL Reputation | safe |
http://www.phreedom.org/md5)08:27 | 0% | Avira URL Cloud | safe |
http://www.kennettnet.co.uk/xml-namespaces/sparkleDotNET | 0% | Avira URL Cloud | safe |
http://127.0.0.1 | 0% | Virustotal |  | Browse
http://127.0.0.1 | 0% | Avira URL Cloud | safe |
http://winsparkle.org) | 0% | Avira URL Cloud | safe |
https://MovieViewUsingDirectShow::PlayFile.http://MovieViewUsingDirectShow::CreateSession | 0% | Avira URL Cloud | safe |
http://www.dns-sd.org/ServiceTypes.html | 0% | Avira URL Cloud | safe |
http://schemas.upnp.org/upnp/1/0/ | 0% | Avira URL Cloud | safe |
http://www.andymatuschak.org/xml-namespaces/sparkle | 0% | Avira URL Cloud | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://schemas.appdynamic.com/airserver/2014/as | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.phreedom.org/md5) | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false | URL Reputation: safe | unknown
http://www.apache.org/licenses/LICENSE-2.0 | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/support/ContactUs | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
http://www.phreedom.org/md5)08:27 | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.kennettnet.co.uk/xml-namespaces/sparkleDotNET | AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.youtube.com/watch?v=c: | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp, avformat-58.dll.1.dr, avutil-56.dll.1.dr | false |  | high
https://www.airserver.com/support/Miracast-Troubleshoot | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
https://cast.airserver.com | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://accounts.google.com/ManageAccount240p | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/ | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/Download/MacPC | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
http://127.0.0.1 | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://bugreports.qt.io/ | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
http://WWW.MPEGLA.COM | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
https://www.youtube.com/live_dashboard | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
http://winsparkle.org) | AirServer.exe, 00000012.00000002.945226399.00007FFAABD25000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | low
https://MovieViewUsingDirectShow::PlayFile.http://MovieViewUsingDirectShow::CreateSession | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | low
http://www.dns-sd.org/ServiceTypes.html | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/o/oauth2/token | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/Download/MSKB/2975719 | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/buy/pcopenactivate | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/Supportwuauclt.exe%s | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/downloads/pc/appcast.xml | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/downloads/pc/appcast.xml-----BEGIN | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
https://www.youtube.com/live_dashboardThere | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
http://schemas.upnp.org/upnp/1/0/ | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp, AirServer.exe, 00000012.00000002.933798488.0000028D4E818000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
https://clients3.google.com/cast/chromecast/device/appFetched | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/App | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.youtube.com/features | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://accounts.google.com/o/oauth2/auth | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/Support/LicensingActivation | 4ec848.msi.1.dr | false |  | high
https://www.youtube.com/watch?v= | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
http://www.openssl.org/) | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/Support/Firewall??appId=com.pratikkumar.airserver-pc&code=%s&udid=%s&lang= | AirServer.exe, 00000012.00000002.936682904.00007FF6C670A000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/Support/Licensing | 4ec848.msi.1.dr | false |  | high
https://www.airserver.com/Support/Ports3I | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
https://activation.airserver.com | AirServer.exe, 00000012.00000002.945075292.00007FFA9B470000.00000002.00020000.sdmp | false |  | high
https://www.airserver.com/support/PC-Requirements | AirServer.exe, 00000012.00000000.821734455.00007FF6C6EFC000.00000002.00020000.sdmp | false |  | high
http://www.andymatuschak.org/xml-namespaces/sparkle | AirServer.exe, 00000012.00000002.945210566.00007FFAABD17000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
IP
192.168.2.1

                                                                  General Information

                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                  Analysis ID:531974
                                                                  Start date:01.12.2021
                                                                  Start time:15:48:28
                                                                  Joe Sandbox Product:CloudBasic
                                                                  Overall analysis duration:0h 9m 49s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:light
                                                                  Sample file name:AirServer-5.6.3-x64.msi
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                  Number of analysed new started processes analysed:26
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • HDC enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Detection:CLEAN
                                                                  Classification:clean15.evad.winMSI@21/62@0/1
                                                                  EGA Information:Failed
                                                                  HDC Information:
                                                                  • Successful, ratio: 77.8% (good quality ratio 56.3%)
                                                                  • Quality average: 63.5%
                                                                  • Quality standard deviation: 43%
                                                                  HCA Information:Failed
                                                                  Cookbook Comments:
                                                                  • Adjust boot time
                                                                  • Enable AMSI
                                                                  • Found application associated with file extension: .msi
                                                                  Warnings:
                                                                  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 131.253.33.200, 13.107.22.200
                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, s-ring.msedge.net, ctldl.windowsupdate.com, arc.msn.com, t-ring.msedge.net, ris.api.iris.microsoft.com, dual-a-0001.dc-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, teams-ring.msedge.net
                                                                  • Execution Graph export aborted for target AirServer.exe, PID 5856 because there are no executed functions
                                                                  • Not all processes were analyzed, report is missing behavior information
                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  No simulations
                                                                  No context
                                                                  C:\Config.Msi\4ec847.rbs
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:modified
                                                                  Size (bytes):345345
                                                                  Entropy (8bit):6.59572804648539
                                                                  Encrypted:false
                                                                  SSDEEP:6144:mAvFXpATpV9E8TytVm5657r+0G/kvzoaBcHLnNs:mcqTjpTPK7r+7kbvBcHxs
                                                                  MD5:C2F3F684C686DECD9601725F831D6D3D
                                                                  SHA1:8AC30B5B3AC1256902E3C232B0E46A5ED8F2530A
                                                                  SHA-256:60944829AB9B69CE26ECACBFC7CCFFC37B0FDD759B43494968A9C5D3C24361B0
                                                                  SHA-512:81A8BF4FFF9A8D7FDC91A413AB6CDAADE03CDE2BDD7D0CA55FA8D7344176161DC7E9865BA689D50721A10B1D7E73A9815AB8624ED93CA67D2ECBCD8A4E049CDF
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\ADRuntime.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1010688
                                                                  Entropy (8bit):6.094492676456435
                                                                  Encrypted:false
                                                                  SSDEEP:24576:sbhyxZ1+DMQAZ9TzhpWSFKnvAvBb4wl5VNVQ:QhysDMQAZ9Tz6i8M5a
                                                                  MD5:F64C742467826EAADE07546FAEAEB177
                                                                  SHA1:90EB518A339384DA335660F08ADE67354E3B2D60
                                                                  SHA-256:7F0A12383F4E0F684FF0DB387D8889E4EA84BF5397E076EF59898B30914C0A26
                                                                  SHA-512:16B0BA940E569F3EBE3C056A13859E927F7A5590F0417BE1BD8790EC29A4DEDCDDDB631FDCBD0DA45AC54484E56F06AAD78A7932BB6AC3E0A053F01827E50D8F
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\ADSparkle.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):210944
                                                                  Entropy (8bit):5.757947441105646
                                                                  Encrypted:false
                                                                  SSDEEP:3072:uQbQQDnXVJLyF/2bCkEhacHHCx/i84aFmMLmnll8V7TnOP1tEJX70N:ubQDf+FSqK/5LmlZJ
                                                                  MD5:27F3C69CABF8BADED4F3257FCFD2C8FD
                                                                  SHA1:B87BA3F7C8594C2338C45DB5708B6FC532C08F42
                                                                  SHA-256:C204C6F4AF72528E7FBE6A43E725EC8E30FCB312BFB1A695A0504E2623D5A2A2
                                                                  SHA-512:5D53FC6103B83F3BA56D2235CA3D44688E34349677732EB39599E794E5E773477833B8D7E7497AABA2315AD308DEBAD6FA7315913D40F5F0A9C0D0F64A9B5CD0
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\AirServer.exe
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):17128288
                                                                  Entropy (8bit):7.035693113999231
                                                                  Encrypted:false
                                                                  SSDEEP:393216:t3LiCJz29Pc1DY8Jsv6tWKFdu9C8JNLVDJNL9E+Og:tuKyrL9rL9E+3
                                                                  MD5:071272D03169059BDAE6EBC2F9AA4E95
                                                                  SHA1:83B266120850E94FD101790CA043C046CCB4E154
                                                                  SHA-256:66B4E7FAE54811B2A22EF36200C8B0F48294B63F17BA146A3BE437B11741A507
                                                                  SHA-512:23FEFB220603CFA0F6CEFCA5314767D93A2DDD9125853312487188370AE9D67F9AE8200C12817CD2641F8995270F7189A31D26F8BA1FB4C8937ECDA587AEB148
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\AirServerConsole.exe
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):21344
                                                                  Entropy (8bit):5.912759004920895
                                                                  Encrypted:false
                                                                  SSDEEP:384:XavGDBl/PR9lqwBZWqEDppHZ7R5unZEZsHLQSkFCMK6jL:KMzh9lqwLfEz5730VA1KgL
                                                                  MD5:79D6FC2DA5673AA64C9127D9F0D12568
                                                                  SHA1:8F9F382CECC62F62338098762ED96082B9C7317E
                                                                  SHA-256:AF31CE92BEC3F2FCED16652AA571AE637DD809FB4C7288CAD7C3A7BBC1C360BF
                                                                  SHA-512:73AD3B8C2F8FA404E555CD9EFE0C8AC984EFF4EEAD0D51BBEBF2A6C4A24F160CFF3A1F455247A7F43A3D7AFED4AA4946C8D9A3E434E10D69A706B47394F28A6F
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 3%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                  C:\Program Files\App Dynamic\AirServer\AirServerEvents.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):40800
                                                                  Entropy (8bit):5.565458871311275
                                                                  Encrypted:false
                                                                  SSDEEP:384:3Kw1FpLsRzxzRt82en5qcuVwvrROn5ZaNDt3+gPa5lmKMnZEZsHLM47MK6jtjO:awH2es4tP+gPa5MVYKgs
                                                                  MD5:DBD2E13EC0B7313B91B80DECFF59BE1F
                                                                  SHA1:6E72423737E7531542609D1ECC86A71D376BC8ED
                                                                  SHA-256:FC6FA85FBC807BBBC76BE406D93B75A92D53DCD44D0D7DBF2D14E7E70D6CF6E5
                                                                  SHA-512:2EFABB1A73388C1C59D06C01F3B5314D629A21F339E8090EF8A92BB7A6BC3B134C842BD0F3B1BBC93B3AE8F93F5E648F2811801EE323637D0966D84042300DC3
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\AirServerEvents.man
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                                  Category:modified
                                                                  Size (bytes):41200
                                                                  Entropy (8bit):3.606650110861495
                                                                  Encrypted:false
                                                                  SSDEEP:192:N7PNlTKmzUHX1klOOthZZbwy87aqbqIJVHUt/sXL7GGeHPff/OM2EaoDfQhUA0xN:N7SziSHUr3L
                                                                  MD5:BFFA696B649EC8E13D3774891270E897
                                                                  SHA1:0230F0A0F7A20F9BD46DFA39A3EC7E1D25853949
                                                                  SHA-256:6E8F28A72BF10AAAA86582E1E3EE2173B99D188385D6758D877E090FD53F7027
                                                                  SHA-512:CF74931E33C3D7ED06C8BBC27F52BD98AD9D9F9B55F2C8FCEFBF98CB29F3ECD696EE37EC8251ADA955BD8DEC1DCF3EB36CDD689AC12BB8D30D6A1E9692F4D3AD
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\AirServerMediaFoundationObjects.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):118784
                                                                  Entropy (8bit):5.79285423024278
                                                                  Encrypted:false
                                                                  SSDEEP:3072:oRdAQbTEa44rn0RpiMzpCaEhuXgh5lGnfqA6fwlYJMEkoA4I6:oRSQbTEa44L0RpiMzAaEhuXelGfDDEA4
                                                                  MD5:27DD8DD16F29B0F21BA5F34FF4ABDA10
                                                                  SHA1:F56D02AAD3E2E776EC16B8786294D7C80E426A67
                                                                  SHA-256:897C5410F66A729A4A1BE08C9AA43DC449CC7DD05FB13DA84BC8C941302A8FD3
                                                                  SHA-512:91148541745D1EED8C67F67148746389373C7E4E3ED2F12A933B6B19E7070271A17686A3ED18E652FB8E815D35D1245F1546CA9EF5CAA84E8012BB2054E9CF66
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\AirServerMediaHandlers.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):96608
                                                                  Entropy (8bit):5.9315465971801045
                                                                  Encrypted:false
                                                                  SSDEEP:1536:OJbCTQu+xG38ZILkcniWVoAw8ufo0nZqGYTZlie+hphqNk3I7:OaQZxGLkcn1Bw8uf1n2ZliDh6Nk3c
                                                                  MD5:4D3CB4A21BE988D218B38B8DA1C07DDE
                                                                  SHA1:1D9A8FA65324C625955F33D6E66579701CB4A684
                                                                  SHA-256:4B4AAB2DF348FAD3F5513CC5CC591A73DB92DEDE7915D1C7730CD2232E9AA174
                                                                  SHA-512:65194053242C418B5CBE00EEF3872EA076AB4F0A6F75603528D4C7A24F766FB548EAA5D4986E05FECE181ECA8E5B4523D091824873584125342DE5E6F32CB294
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\EndUserLicenseAgreement.rtf
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Rich Text Format data, version 1, ANSI
                                                                  Category:dropped
                                                                  Size (bytes):12863
                                                                  Entropy (8bit):5.079324617500121
                                                                  Encrypted:false
                                                                  SSDEEP:384:RCrF0NBqFOoaaiVUYTT26T2oof8R21Ch13wSmX2:Er+NBqFMVZT26Uv0z3b
                                                                  MD5:32F1F6B7694652C623F3C0024C947BBE
                                                                  SHA1:50724A7E79CCB694AAB51C72297DE9ACEB57AD43
                                                                  SHA-256:B800860EA57AF9EAB0D6F77998A3F24886DE120A6F2D4AA7770BB76E7FC055E3
                                                                  SHA-512:990652E109BE0922648C2F3664CD07A2FF88BCFC0F713CC1505183028D5E7B91EC2C5CDAFDF487C765020D5DD26C7B4902313B0C21EC340A6C736EBA238A4A50
                                                                  Malicious:false
                                                                  Preview: {\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}{\f1\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 6.3.9600}\viewkind4\uc1 ..\pard\widctlpar\f0\fs24 END-USER LICENSE AGREEMENT\par..\par..IMPORTANT: PLEASE READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE CONTINUING WITH THIS PROGRAM INSTALL:\par..\par..This End-User License Agreement ("EULA") is a binding legal agreement between You, the "User" (an individual or single entity) and App Dynamic ehf (the "Company") concerning its Software Products, such as AirServer\'ae for OS X, AirServer\'ae Universal for Windows, or AirServer\'ae Sender Lite, including, associated software components, media, printed and electronic documentation. \par..\par..By installing, copying, or otherwise using the Company's Software Products, you agree to be bound by the terms and conditions of this EULA. \par..\par..IF YOU DO NOT AGREE TO THE
                                                                  C:\Program Files\App Dynamic\AirServer\Installing AirServer.pdf
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PDF document, version 1.5
                                                                  Category:dropped
                                                                  Size (bytes):652089
                                                                  Entropy (8bit):7.9825460611482155
                                                                  Encrypted:false
                                                                  SSDEEP:12288:3uoFKqZLkac7pYnzwaCAh3eszhLU/FJA0gzCW9dQTD5389wreZr+:3uoFKqZw8sbAh3eszug0gJ9uTD5389wV
                                                                  MD5:F4A4C243D6132383C66089BA69371634
                                                                  SHA1:F51BDB63197C3C22A4B1D2A6F6981557C22C14B7
                                                                  SHA-256:5727A94C1A404BB62495B199474404B24AEB3785D419424C06D91D15897525E4
                                                                  SHA-512:10BF6C91946AC22F3DC9C124C9204B3713A8D492B1685E2EDC1B1A81DD809B78CE9272EE3F9B0487F042F23A32B891AE3650D27073C85E49038370C309607E4D
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\avcodec-58.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):4173152
                                                                  Entropy (8bit):5.931861753251015
                                                                  Encrypted:false
                                                                  SSDEEP:49152:4hPu+O4U0hVdHVp1w+QQJdYVYAKmzG3s3/1Kk1naQSQAOs:F0hTJAKmnWT
                                                                  MD5:85220808C764B90FA1F4F8281ABE57E8
                                                                  SHA1:E9D69D45BB01C5A9E1879473E9CA1AFA2ABC04E0
                                                                  SHA-256:F42C0FC79370F962ACEB427027142CD2D35D236377F10B9228CC5558FE5FBD7C
                                                                  SHA-512:824CD198B7AF176CC4C3E7B5E76E8EC1D5D95D96BC33729D55141C5FEED868E4263A07722686C031D07656D31D5576F5D6B6CFEF959030EDF697FFA220478590
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\avdevice-58.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):51040
                                                                  Entropy (8bit):4.4025328265820525
                                                                  Encrypted:false
                                                                  SSDEEP:384:VIXxl6q9JyZFyVbfUGRXmgvA+RpJnNpuN0yyAgHunZEZsHLQkZBMK6jE:o6+EFsf9RNvDRhpo0y80VlsKgE
                                                                  MD5:9A42BD94738DF25D3AE05B9DFEAE4B71
                                                                  SHA1:A985DC14B05C584D3466C79526C0C800DBD7D842
                                                                  SHA-256:034A30033419B9EB06F5EC7FE26C9A48F6F8C1C92148C5F39F6EF0C6FB98DCBC
                                                                  SHA-512:9CB1DB1788D22FECFA36F779200B035330D3323F4D9FDF7574F1B0B5C1E34556399F4C8F1F1EF4ECE600CE624525C20808726DA1951457283E4E8DEEBD7B16DD
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\avfilter-7.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):206688
                                                                  Entropy (8bit):5.4038922555068565
                                                                  Encrypted:false
                                                                  SSDEEP:3072:sQY2sto8vQ8nch30hqCsJI/EYiLNlLaBx192o9fcp1e:Jsto8DqHJhgxmoFcO
                                                                  MD5:A656BD436912C080AAC3EFB5FAA362F9
                                                                  SHA1:CA7BE07B6ABBC923F88FC24BB73B19A7F219206B
                                                                  SHA-256:A2AB62B1FDAAF213F8C86A62F5BCC5D793A5E5A9576F20AC2FAB5B5FD2752C58
                                                                  SHA-512:4404B7B8D872F2F9A874A851F5D598058B4CC738DC3B1ADA58EC2267D4C2B75F79EF4D185E57B63BD343DC63997AA7471D17F1CBCE9B2430643A4D6544869AE5
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\avformat-58.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):806752
                                                                  Entropy (8bit):5.7957352880162105
                                                                  Encrypted:false
                                                                  SSDEEP:12288:dhCAC+btWKNgcxN2PnsbfEhDLKWNHwaP7/:nCoW0Tb2ULkxv
                                                                  MD5:35C2FCB4E36BE7E70840D75C6436DD9C
                                                                  SHA1:4C43A32D8F895D6DE5B36B01E5F4D3149A91D003
                                                                  SHA-256:C53D5D2CFD092E821781B67B531DC5E8520FEE5BEA47880BFF6923BC54078A6F
                                                                  SHA-512:3C6065A4B1F970D348A240FB463BF36D22A10181FE2A63AC1EF2355C9753D4ECCBDADCF9E21A36C043BC0FFF0E5276447013EAFCCEDD38E067ADEBEE56FF8AD5
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\avutil-56.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):541024
                                                                  Entropy (8bit):5.6904294357715
                                                                  Encrypted:false
                                                                  SSDEEP:6144:HyygL/BTJFjnaMBFLbr28TXJb686h3C1Vr0Vj9vBd951IHhZznq5Eizcn:O9Jxrbr28TX16rJZAqyiz4
                                                                  MD5:2F35A7B420C8EEF315DC76B11DE0C9A4
                                                                  SHA1:92C4AD49B5548E9DE052C93953746E8BC464A3D9
                                                                  SHA-256:4070087AFBC0B70A9CDD3A4571036042F1EF06646E2B797E0406F31436E32756
                                                                  SHA-512:79EBE0532CBF4B6320A1E7AEF411D99ECA8A4690016438CD7159F55C5A3EB75065416048B0977319194A951CAA4879FE059E3E366018F76E9EC8FFD11539FE4F
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\concrt140.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):332568
                                                                  Entropy (8bit):6.217408928777197
                                                                  Encrypted:false
                                                                  SSDEEP:6144:tlBybiGsY4lxA6c40PMjoTrDPbv+Xipv6wfnWzgcpw2eRJ:tWbzsBcPPlbxpvIzQT
                                                                  MD5:1028995446D0032530461BE30CA98F48
                                                                  SHA1:18446678152E9997EED9C02995F957D58A8E8F32
                                                                  SHA-256:D404B49C25CC76DC4C86E1D82FC23799482F6509E85A73ED8177EFC320EC0195
                                                                  SHA-512:ADB9AE577F082E0246CAE5C804FA4CD08BCF54CE78EACA02D49B9B1B262779667A251E98CAE807AFF50FDAC504B8CD855CE4D786F587D02E0A18F6AC8E0D882E
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  C:\Program Files\App Dynamic\AirServer\d3dcompiler_47.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):4481376
                                                                  Entropy (8bit):6.373809113657972
                                                                  Encrypted:false
                                                                  SSDEEP:49152:6wBNwAqRvTvbehyCZ5xRmhErU6jFyU+dQZTHchy0eQago4I+oiP85+hA6+Se4QQk:YUZ5P7FwcAgLbz+3s0BmT
                                                                  MD5:759DB6F05C494F49FCCD6A9486AEE6AE
                                                                  SHA1:29FB222CE4AEE9D5FA38CB8FC16829878351F2BE
                                                                  SHA-256:7EF043BE993F44FAE2D3D657447C6E75385EC62520F916C63EFC0EACA8B68B24
                                                                  SHA-512:FACDBC462200FDD4DE06D05DAC96EFB60A2C844BB6AB5227A85C3A2065482DA1D530392C8EFBFB8D5C644DFDB0A68C7129183BFB6104E263E6F45F743910D632
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\msvcp140.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):627992
                                                                  Entropy (8bit):6.360523442335369
                                                                  Encrypted:false
                                                                  SSDEEP:12288:dO93oUW7jh6DN0RUhsduQjqDZ6X/t5mTOKGmJ7DseBiltBMQEKZm+jWodEEVoFt:s3oUW7jh6DN0RUhsduQjqDZ6X/t5mTOo
                                                                  MD5:C1B066F9E3E2F3A6785161A8C7E0346A
                                                                  SHA1:8B3B943E79C40BC81FDAC1E038A276D034BBE812
                                                                  SHA-256:99E3E25CDA404283FBD96B25B7683A8D213E7954674ADEFA2279123A8D0701FD
                                                                  SHA-512:36F9E6C86AFBD80375295238B67E4F472EB86FCB84A590D8DBA928D4E7A502D4F903971827FDC331353E5B3D06616664450759432FDC8D304A56E7DACB84B728
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\swresample-3.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):191840
                                                                  Entropy (8bit):5.55608424485294
                                                                  Encrypted:false
                                                                  SSDEEP:1536:7HIXdwzJuk0X/Jw5Dy7KXewgnV2w1gvSPSq9QG38iLS6Co1dLS9aUMOLZ1lwt:7Ox1YexnV27S6q2GXiWxS9aUMOLZ1w
                                                                  MD5:8054F8A2EF85C690C9D082291301D857
                                                                  SHA1:E4F8C80908F250F0304223BE95280A801331FF7E
                                                                  SHA-256:B2DC013DF114028184B27B56A1767C0132D0CAA414E512BD958FC086D846E755
                                                                  SHA-512:DC92B30230A67E41CC4F98AD6DC6719AEB983A697D8A5A76A6D1058FDF6323C9E28231A32BA9B5DA2742A7DEEEB4A90DEE9449E5DFE817A5A310440080345C9E
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\swscale-5.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):632672
                                                                  Entropy (8bit):5.881358981441057
                                                                  Encrypted:false
                                                                  SSDEEP:6144:1DKpoQKn00atFxuop9ZXpoDue7frsJ+hpreO3O9TZzYcpm6krD:1DNQ9tFxuoroie7frdhpreO3OZJZm7
                                                                  MD5:4533825964F26A08382D2B89E8F2BA35
                                                                  SHA1:DB952997D3FA8C8A11BBA36B880FE64B85452329
                                                                  SHA-256:118542A2B0C4B620BE20AE63F896F8AABBF8466BC0585AAF85E18DB91A9987F1
                                                                  SHA-512:2BF6818F586BB747828BD845A979B69027A8ACC0C185786C1C13487F9C77A4DD3F1E4D0456C5432BCA93550C28CF3808254EB00ECBDB35729A78BB1813E9ED5B
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\vccorlib140.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):366872
                                                                  Entropy (8bit):5.900899813688224
                                                                  Encrypted:false
                                                                  SSDEEP:3072:SYXnkAiObjnmzH0nZxbwUSEHuKJemWtaOkic9VSgtH/5BhhXarUX1RdlWiNiC/0Q:SAkAvbjnmMN9XVFP7/09FSp
                                                                  MD5:9AC7AD6A47CF8BDDCE8DAFFD31CB03A5
                                                                  SHA1:55EDE0C378279526BF6E8B4093C382EE7AE111DB
                                                                  SHA-256:5966E6F9DE7A3AAC11D22C899BD7B3A1248B3C375461C1CE10EFB8EB871B394E
                                                                  SHA-512:D31289BC6321A77C8C43A8D49393ACB6C97EA9B5AE62FDC1A6A1F17B6A53A91EC1F714D71F1E944BFFA041B5F74E0266E68D80844F75FA624A4376D4A8ADDE3E
                                                                  Malicious:false
                                                                  C:\Program Files\App Dynamic\AirServer\vcruntime140.dll
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):85784
                                                                  Entropy (8bit):6.594110245111798
                                                                  Encrypted:false
                                                                  SSDEEP:1536:U3qPWvVCMgfw2eeWqjOebgk0jIpePxd76LGYU8j6ecbolG8EB4h88ii0:U66dsFeeBGPj1L6LGY+ecboC/8ip
                                                                  MD5:1453290DB80241683288F33E6DD5E80E
                                                                  SHA1:29FB9AF50458DF43EF40BFC8F0F516D0C0A106FD
                                                                  SHA-256:2B7602CC1521101D116995E3E2DDFE0943349806378A0D40ADD81BA64E359B6C
                                                                  SHA-512:4EA48A11E29EA7AC3957DCAB1A7912F83FD1C922C43D7B7D78523178FE236B4418729455B78AC672BB5632ECD5400746179802C6A9690ADB025270B0ADE84E91
                                                                  Malicious:false
                                                                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirServer Universal (x64)\AirServer Universal (x64).lnk
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2731
                                                                  Entropy (8bit):2.720430482357322
                                                                  Encrypted:false
                                                                  SSDEEP:24:8glZ9qSCJEFI7ESk6Wgvz+M8I7Dd9S+M8I7opm15zSApY4W8I7:82AxESkdgPDdo5P71ZSWWP
                                                                  MD5:B46C9C5127499F8B5865AF63484089FD
                                                                  SHA1:5F3AD197C1217417AC14386A9399BD8AEC5BF2A2
                                                                  SHA-256:EA8FE37BFBF7915A309F59B8662259BB2A1BDC692AC0098AACD997FC795A8A5C
                                                                  SHA-512:7D5CB14205B121C26D30D00C48DB3AB50837F4E41140938EA3B0BFBD5198831969F96CBCA03DB578C53E0BEBAE16231EA0C4EBFA5F81DF73CE1F6406BECB9C62
                                                                  Malicious:false
                                                                  Preview: readable strings in the shortcut: Windows\Installer\{BB1CAF36-ADD5-431A-8CBC-6A92A48C7247}\AirServer.exe; "AirServer is a powerful application that enables you to stream or mirror your iPad or iPhone."; C:\Program Files\App Dynamic\AirServer
                                                                  C:\Users\user\AppData\Local\Temp\MSI6062.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):207360
                                                                  Entropy (8bit):6.574209364487876
                                                                  Encrypted:false
                                                                  SSDEEP:3072:r65Z1YCHGiZXOVneG/kdvLdzusAatnw1lflQnB+QDO1Q+cxbVeFT:r657r+0G/kvzoaBcHLnN
                                                                  MD5:D773D9BD091E712DF7560F576DA53DE8
                                                                  SHA1:165CFBDCE1811883360112441F7237B287CF0691
                                                                  SHA-256:E0DB1804CF53ED4819ED70CB35C67680CE1A77573EFDED86E6DAC81010CE55E7
                                                                  SHA-512:15A956090F8756A6BFDBE191FDA36739B1107EADA62C6CD3058218BEB417BDBD2EA82BE9B055F7F6EB8017394B330DAFF2E9824DBC9C4F137BEAD8E2AC0574CD
                                                                  Malicious:false
                                                                  C:\Users\user\AppData\Local\Temp\MSI645C.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Users\user\AppData\Local\Temp\MSI810C.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Users\user\AppData\Local\Temp\MSIB1C2.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):107008
                                                                  Entropy (8bit):6.518267525263852
                                                                  Encrypted:false
                                                                  SSDEEP:1536:+2UUj/2wsaO1oxlVVCXBlSz0doGxCznBxJFQNCUIsWK6cd4WJpPpxB60q9:dUU6w3lVoxlSz0jUtiNbb4WrPpxB6D9
                                                                  MD5:FAB4AA95C57F441B701BE7C2E81EE370
                                                                  SHA1:FAD06BB4BEDBF22BCCB2AB105A630F2C4435BBD4
                                                                  SHA-256:8AD1084DE9A734B2D5C86F472F671CC324632B3A6CA5AAA0C360D93D4D08E148
                                                                  SHA-512:7AB85940F9C6144864FC5B5221EAE30CB5800EE5FA270957109E8F182551806965FE1DFEFFBE655D805AA2BB33B0896725236B4422D3A540D90FD55CE174EF48
                                                                  Malicious:false
                                                                  C:\Windows\Installer\4ec846.msi
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AirServer Universal (x64), Author: App Dynamic, Keywords: Installer, Comments: This installer database contains the logic and data required to install AirServer Universal (x64)., Template: x64;1033, Revision Number: {EE2DBA36-6558-4C1A-BB78-A00681594571}, Create Time/Date: Tue Sep 22 18:56:32 2020, Last Saved Time/Date: Tue Sep 22 18:56:32 2020, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                  Category:dropped
                                                                  Size (bytes):15478784
                                                                  Entropy (8bit):7.9304813668917955
                                                                  Encrypted:false
                                                                  SSDEEP:393216:f4kLMwFXt2Yz6880kRUBpmiyXpPkB37sj2:fn1FQYz58zRU/Py5PcQj2
                                                                  MD5:D0C1F8B537D6AA6B339158107BD34D3A
                                                                  SHA1:1317AE28F2B43DDFADD1E5311DEFAA678277BE6F
                                                                  SHA-256:4A92C6E42FB2BEC9FB177F6D379B3E86728D81BFE3F69FC53C175C13532B586F
                                                                  SHA-512:5E9C3F8330FD50491F221682FD9819BB4588E6D66AEC69991C96ACAEB91105D72656B62C33C38EAACFEEF4399D786E47389167210BB35D958A36E897FB49321A
                                                                  Malicious:false
                                                                  C:\Windows\Installer\4ec848.msi
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AirServer Universal (x64), Author: App Dynamic, Keywords: Installer, Comments: This installer database contains the logic and data required to install AirServer Universal (x64)., Template: x64;1033, Revision Number: {EE2DBA36-6558-4C1A-BB78-A00681594571}, Create Time/Date: Tue Sep 22 18:56:32 2020, Last Saved Time/Date: Tue Sep 22 18:56:32 2020, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                  Category:dropped
                                                                  Size (bytes):15478784
                                                                  Entropy (8bit):7.9304813668917955
                                                                  Encrypted:false
                                                                  SSDEEP:393216:f4kLMwFXt2Yz6880kRUBpmiyXpPkB37sj2:fn1FQYz58zRU/Py5PcQj2
                                                                  MD5:D0C1F8B537D6AA6B339158107BD34D3A
                                                                  SHA1:1317AE28F2B43DDFADD1E5311DEFAA678277BE6F
                                                                  SHA-256:4A92C6E42FB2BEC9FB177F6D379B3E86728D81BFE3F69FC53C175C13532B586F
                                                                  SHA-512:5E9C3F8330FD50491F221682FD9819BB4588E6D66AEC69991C96ACAEB91105D72656B62C33C38EAACFEEF4399D786E47389167210BB35D958A36E897FB49321A
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSI1383.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSI144F.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSI154A.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSI18A6.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):121344
                                                                  Entropy (8bit):6.5655402413250465
                                                                  Encrypted:false
                                                                  SSDEEP:3072:UvFX6aATavYxRVZLUn895HSAxj5/pUlh/PpxDpc:UvFXpATpV9E8TytVm
                                                                  MD5:BA3165EC14E657E6235D6D789E9E25CA
                                                                  SHA1:F626FCC0E7E7F26A092DA6A995F5936A45C4F71A
                                                                  SHA-256:BF93DE4755822425F3FD3928B52D2A6E6C91AB069213AAAA95695ED3E17E72E9
                                                                  SHA-512:6D83DD60B1F8E8D93DDBDA657B1C75F86C1F5F6EAC899123F6CE498F5DD1A5ABF05E29776144044C6A848E8FDD2B9A6A5367C4B249B879A310A260FB6B55B6DA
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSI1B57.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):207360
                                                                  Entropy (8bit):6.574209364487876
                                                                  Encrypted:false
                                                                  SSDEEP:3072:r65Z1YCHGiZXOVneG/kdvLdzusAatnw1lflQnB+QDO1Q+cxbVeFT:r657r+0G/kvzoaBcHLnN
                                                                  MD5:D773D9BD091E712DF7560F576DA53DE8
                                                                  SHA1:165CFBDCE1811883360112441F7237B287CF0691
                                                                  SHA-256:E0DB1804CF53ED4819ED70CB35C67680CE1A77573EFDED86E6DAC81010CE55E7
                                                                  SHA-512:15A956090F8756A6BFDBE191FDA36739B1107EADA62C6CD3058218BEB417BDBD2EA82BE9B055F7F6EB8017394B330DAFF2E9824DBC9C4F137BEAD8E2AC0574CD
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSI1E46.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):207360
                                                                  Entropy (8bit):6.574209364487876
                                                                  Encrypted:false
                                                                  SSDEEP:3072:r65Z1YCHGiZXOVneG/kdvLdzusAatnw1lflQnB+QDO1Q+cxbVeFT:r657r+0G/kvzoaBcHLnN
                                                                  MD5:D773D9BD091E712DF7560F576DA53DE8
                                                                  SHA1:165CFBDCE1811883360112441F7237B287CF0691
                                                                  SHA-256:E0DB1804CF53ED4819ED70CB35C67680CE1A77573EFDED86E6DAC81010CE55E7
                                                                  SHA-512:15A956090F8756A6BFDBE191FDA36739B1107EADA62C6CD3058218BEB417BDBD2EA82BE9B055F7F6EB8017394B330DAFF2E9824DBC9C4F137BEAD8E2AC0574CD
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSID20A.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSID4CA.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSIDAD6.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1753775
                                                                  Entropy (8bit):6.433696877487136
                                                                  Encrypted:false
                                                                  SSDEEP:49152:gqCVUCPqCVUCHqCVUCZBE58xo58xZ58x9:gE8EUEyBEdcY
                                                                  MD5:CDE87DDA58E54BCB436F0CD53AE46608
                                                                  SHA1:3D638F930D3BF1F26CD783F9D1D633D8BF584B6F
                                                                  SHA-256:E18C9AFD7F85C91F16714CAF295120FAB177A44F38E9DB6C2FC70D179BA5A318
                                                                  SHA-512:122E600A5DE5CB8CC4D94825F7FD89F574CDB10BFC5F2D716F7DC0A102B552981F8907A439DA060044B235E41742337DB8E1A98563502B4E527CDDCACA3AA069
                                                                  Malicious:false
                                                                  Preview: ...@IXOS.@.....@@~.S.@.....@.....@.....@.....@.....@......&.{BB1CAF36-ADD5-431A-8CBC-6A92A48C7247}..AirServer Universal (x64)..AirServer-5.6.3-x64.msi.@.....@.....@.....@......AirServer.exe..&.{EE2DBA36-6558-4C1A-BB78-A00681594571}.....@.....@.....@.....@.......@.....@.....@.......@......AirServer Universal (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{FFBD63BB-930F-47DD-B794-2A8F77894865}#.22:\Software\App Dynamic\AirServer\.@.......@.....@.....@......&.{EE78693A-1B58-49F3-ABCB-B4F70C9B23B9}B.C:\Program Files\App Dynamic\AirServer\EndUserLicenseAgreement.rtf.@.......@.....@.....@......&.{9009561F-201C-4F26-B9C6-240CF9FEC91D}?.C:\Program Files\App Dynamic\AirServer\Installing AirServer.pdf.@.......@.....@.....@......&.{D0A0A5B5-4C7D-43EA-A9F8-5766FD149F1B}4.C:\Program Files\App Dynamic\AirServer\AirServer.exe.@.......@.....@.....@......&.{475
                                                                  C:\Windows\Installer\MSIDAD7.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):294400
                                                                  Entropy (8bit):6.529001950189018
                                                                  Encrypted:false
                                                                  SSDEEP:6144:Mp8lGHAxAqm2EVZ9AOmnW70MLcZK/Vt9bx5n:sHAxLiDAQ06EK97nn
                                                                  MD5:4EA4312C76659041D79E85205EE74691
                                                                  SHA1:28024EEB387F00CD62C407E7E636440837FE66FC
                                                                  SHA-256:87D830DFBCB4FDAF57C5A184FA24F6740711F4022799F059ECE5BAFB13FE813A
                                                                  SHA-512:CF0C67795FF50E2893D124D6A3EBAD6C1650771F3689601233565FAE31FCF84228C3B7EB96A8CE76C73FEDA2457553BBAF0B2F74005B429D5839A68FEB031F9E
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSIDDC6.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):121344
                                                                  Entropy (8bit):6.5655402413250465
                                                                  Encrypted:false
                                                                  SSDEEP:3072:UvFX6aATavYxRVZLUn895HSAxj5/pUlh/PpxDpc:UvFXpATpV9E8TytVm
                                                                  MD5:BA3165EC14E657E6235D6D789E9E25CA
                                                                  SHA1:F626FCC0E7E7F26A092DA6A995F5936A45C4F71A
                                                                  SHA-256:BF93DE4755822425F3FD3928B52D2A6E6C91AB069213AAAA95695ED3E17E72E9
                                                                  SHA-512:6D83DD60B1F8E8D93DDBDA657B1C75F86C1F5F6EAC899123F6CE498F5DD1A5ABF05E29776144044C6A848E8FDD2B9A6A5367C4B249B879A310A260FB6B55B6DA
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSIE086.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSIE317.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):246112
                                                                  Entropy (8bit):6.32764937101342
                                                                  Encrypted:false
                                                                  SSDEEP:3072:6nfwJO6SR6P9VNYVghfcDpnC6eMwpI5gYmPXyzagHObEvvYBjQ2HMLmNZrIdwJ1K:6p6SAPaV2MjQfgaCTwC
                                                                  MD5:D4C47EF2E8A5637355B84695235F3F2E
                                                                  SHA1:4EE252CC6F4B61ECF16B5A2CF38BCB70100BB379
                                                                  SHA-256:284E8923FEAA8851869A5CAE44114764C4E659D0697FA40FBF320D49CEB46CAE
                                                                  SHA-512:1624175A2C315BBFF426E151614EA98807B1256E8B02FADFA6A7D104695019AB7B730C73CA5DD2F952E71E42B3E405E416D62474FDF416C72B9B2A1358A7DA05
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSIE6D1.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):121344
                                                                  Entropy (8bit):6.5655402413250465
                                                                  Encrypted:false
                                                                  SSDEEP:3072:UvFX6aATavYxRVZLUn895HSAxj5/pUlh/PpxDpc:UvFXpATpV9E8TytVm
                                                                  MD5:BA3165EC14E657E6235D6D789E9E25CA
                                                                  SHA1:F626FCC0E7E7F26A092DA6A995F5936A45C4F71A
                                                                  SHA-256:BF93DE4755822425F3FD3928B52D2A6E6C91AB069213AAAA95695ED3E17E72E9
                                                                  SHA-512:6D83DD60B1F8E8D93DDBDA657B1C75F86C1F5F6EAC899123F6CE498F5DD1A5ABF05E29776144044C6A848E8FDD2B9A6A5367C4B249B879A310A260FB6B55B6DA
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSIE7FB.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):207360
                                                                  Entropy (8bit):6.574209364487876
                                                                  Encrypted:false
                                                                  SSDEEP:3072:r65Z1YCHGiZXOVneG/kdvLdzusAatnw1lflQnB+QDO1Q+cxbVeFT:r657r+0G/kvzoaBcHLnN
                                                                  MD5:D773D9BD091E712DF7560F576DA53DE8
                                                                  SHA1:165CFBDCE1811883360112441F7237B287CF0691
                                                                  SHA-256:E0DB1804CF53ED4819ED70CB35C67680CE1A77573EFDED86E6DAC81010CE55E7
                                                                  SHA-512:15A956090F8756A6BFDBE191FDA36739B1107EADA62C6CD3058218BEB417BDBD2EA82BE9B055F7F6EB8017394B330DAFF2E9824DBC9C4F137BEAD8E2AC0574CD
                                                                  Malicious:false
                                                                  C:\Windows\Installer\MSIED6B.tmp
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):294400
                                                                  Entropy (8bit):6.529001950189018
                                                                  Encrypted:false
                                                                  SSDEEP:6144:Mp8lGHAxAqm2EVZ9AOmnW70MLcZK/Vt9bx5n:sHAxLiDAQ06EK97nn
                                                                  MD5:4EA4312C76659041D79E85205EE74691
                                                                  SHA1:28024EEB387F00CD62C407E7E636440837FE66FC
                                                                  SHA-256:87D830DFBCB4FDAF57C5A184FA24F6740711F4022799F059ECE5BAFB13FE813A
                                                                  SHA-512:CF0C67795FF50E2893D124D6A3EBAD6C1650771F3689601233565FAE31FCF84228C3B7EB96A8CE76C73FEDA2457553BBAF0B2F74005B429D5839A68FEB031F9E
                                                                  Malicious:false
                                                                  C:\Windows\Installer\SourceHash{BB1CAF36-ADD5-431A-8CBC-6A92A48C7247}
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):20480
                                                                  Entropy (8bit):1.1694802676189204
                                                                  Encrypted:false
                                                                  SSDEEP:12:JSbX72FjHAGiLIlHVRpU5h/7777777777777777777777777vDHFeXQ1/TSsJl0G:JVQI5Gnp/TSzF
                                                                  MD5:071EE3341BF4B74E47DC9D335CA0DF0C
                                                                  SHA1:0F0FC19F9CBE855F7782F5FA9A5150F9D46A5330
                                                                  SHA-256:25EA26F2D161033305BFFB380935AC99229657591AB02FF99C4EAB0108CB097C
                                                                  SHA-512:244CE080E6848643205577781BBA9787E94AA497B391A871AA087F002C195FF63166FE6245DB2E62E42BE29A61993DB2630A6833614F4D7BABF57BB125926119
                                                                  Malicious:false
                                                                  C:\Windows\Installer\inprogressinstallinfo.ipi
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):20480
                                                                  Entropy (8bit):1.8231698873907254
                                                                  Encrypted:false
                                                                  SSDEEP:96:zhn19jTQ+Up4Vxgltg5SfrzETRTsOcGoKj:N1ZpeaglS0ETRTPzT
                                                                  MD5:C5D9DD34995020B6BE9BAE26B9CB46DE
                                                                  SHA1:E4D419EAA9D19293B40F13F5F13FA86400D4CC42
                                                                  SHA-256:41A5F8FBDA7C4AF5A60C206746C0DBCCA394F43F66B62430C029B6ACAF8BD4B5
                                                                  SHA-512:BE582AF130250E16826A0DA23863C6FE8E99005F0A4F752B8FBE267A8FF6BB3136C39DE383D4CBF3FB8B23F2AA711FCC10D1B8E757C43B67A65338E873E993A0
                                                                  Malicious:false
                                                                  C:\Windows\Installer\{BB1CAF36-ADD5-431A-8CBC-6A92A48C7247}\AirServer.exe
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:MS Windows icon resource - 17 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                  Category:dropped
                                                                  Size (bytes):136478
                                                                  Entropy (8bit):3.596243837781
                                                                  Encrypted:false
                                                                  SSDEEP:384:UO2uFNsts6iwKdnnDnlkMnDnxAADAtF1BxgMfLLnYQBWHUtO9tDbH9HMMTa6sK8r:3FNsJiybuiJKWFmOr
                                                                  MD5:1406749FEE5EF7437D045A9F929E3902
                                                                  SHA1:E58070E91B9543EF22DD6E39A8DA148E8C028160
                                                                  SHA-256:FB8147C92956583032F433D0F7EE6913B229F2FFA2EFF0FD54BD775E84FB8429
                                                                  SHA-512:999D1F5DE4A0A0F0625CB40A391A26D3012C4A29E763F6F7CD8289B423B1638DCEF1571B0A698950AA99E75AF24615C1664D0CDB5693494FB3BC16901E4EEAE4
                                                                  Malicious:false
                                                                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):79122
                                                                  Entropy (8bit):5.282157320299685
                                                                  Encrypted:false
                                                                  SSDEEP:192:jmXs969ozNSkk3peTBYeHt0tfoI9qsjl0urmwYyim:yXs9UogeWeH29qclhmwYyim
                                                                  MD5:0EB7C9E30446CC71CB096EE74630F650
                                                                  SHA1:23A2F57E7391ED7CC1D07972E9CBCE7F5C841FF9
                                                                  SHA-256:C1E5565D42A790038D95EA62C92B84C86971831D7176EAFAD64FFA04AD4AB8CC
                                                                  SHA-512:22DE1635B783D9669587EA90C13D2EDB85F214C1400E6813C5B252CF9B83C12F8A20706B23EDE368BD0635D26A628B08EB8E1349308D11A7622C9FA01B4696CA
                                                                  Malicious:false
                                                                  Preview: .To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 03:22:38.143 [320]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 03:22:38.159 [320]: ngen returning 0x00000000..07/23/2020 03:22:38.222 [3748]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 03:22:38.237 [3748]: ngen returning 0x00000000..07/23/2020 03:22:38.284 [64]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 03:22:38.300 [64]:
                                                                  C:\Windows\Temp\~DF00C3E26B9028D212.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):512
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DF5503A328AF0E3A6B.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):512
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DF5C20F3458B259EFB.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):20480
                                                                  Entropy (8bit):1.8231698873907254
                                                                  Encrypted:false
                                                                  SSDEEP:96:zhn19jTQ+Up4Vxgltg5SfrzETRTsOcGoKj:N1ZpeaglS0ETRTPzT
                                                                  MD5:C5D9DD34995020B6BE9BAE26B9CB46DE
                                                                  SHA1:E4D419EAA9D19293B40F13F5F13FA86400D4CC42
                                                                  SHA-256:41A5F8FBDA7C4AF5A60C206746C0DBCCA394F43F66B62430C029B6ACAF8BD4B5
                                                                  SHA-512:BE582AF130250E16826A0DA23863C6FE8E99005F0A4F752B8FBE267A8FF6BB3136C39DE383D4CBF3FB8B23F2AA711FCC10D1B8E757C43B67A65338E873E993A0
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DF88817F534F99A485.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):32768
                                                                  Entropy (8bit):1.441081002459636
                                                                  Encrypted:false
                                                                  SSDEEP:96:Y/bpTTe9+Up4Vxgltg5SfrzETRTsOcGoKj:4bpX1eaglS0ETRTPzT
                                                                  MD5:81915E6C656576ACCEBEF0FCE212685D
                                                                  SHA1:60B129B0CAEEDD232777D5197F137B9E59F8F931
                                                                  SHA-256:0D24F411456604EC83744E4013878E115C83BB586FA3570EB4001BD3B20689B8
                                                                  SHA-512:A4CC041B87FE3B0851C5F340E20C5929090DC650F7C72730AD1894F55444313D33B67F26EFA96429422EF2CEDA9C11FAF8A31DD2B43BC18CE1AB74DF94653D7D
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DF982A9A5814AAACCE.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):32768
                                                                  Entropy (8bit):0.07558500351290733
                                                                  Encrypted:false
                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOeXQWg/TS9o6Vky6lD1:2F0i8n0itFzDHFeXQ1/TSsJ
                                                                  MD5:EB3CA21F885BCE376D1BDEA2432020F6
                                                                  SHA1:4304AF87D38D2B0DA38A3ED12DA5A8D0AE9647F4
                                                                  SHA-256:2EC139150B190958CAA5E920813ED91FCFCFD5042147382A80C2F53CAA5048BE
                                                                  SHA-512:6D33B1B9004CF2E10F9D067751F23EE840A48ED61C6E93DDA82D6E02C8E8F0BF2A6236E125C808A07ED01C616F7A63AFCD67D765CDDBBFB4C923328AB4A51D2E
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DFA703B4AAE925ADB0.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):512
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DFB687F7DDFD7CA94C.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):32768
                                                                  Entropy (8bit):1.441081002459636
                                                                  Encrypted:false
                                                                  SSDEEP:96:Y/bpTTe9+Up4Vxgltg5SfrzETRTsOcGoKj:4bpX1eaglS0ETRTPzT
                                                                  MD5:81915E6C656576ACCEBEF0FCE212685D
                                                                  SHA1:60B129B0CAEEDD232777D5197F137B9E59F8F931
                                                                  SHA-256:0D24F411456604EC83744E4013878E115C83BB586FA3570EB4001BD3B20689B8
                                                                  SHA-512:A4CC041B87FE3B0851C5F340E20C5929090DC650F7C72730AD1894F55444313D33B67F26EFA96429422EF2CEDA9C11FAF8A31DD2B43BC18CE1AB74DF94653D7D
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DFB6AAC082AA6086A1.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):512
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DFBFD9B33E4A39E6BA.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):32768
                                                                  Entropy (8bit):1.441081002459636
                                                                  Encrypted:false
                                                                  SSDEEP:96:Y/bpTTe9+Up4Vxgltg5SfrzETRTsOcGoKj:4bpX1eaglS0ETRTPzT
                                                                  MD5:81915E6C656576ACCEBEF0FCE212685D
                                                                  SHA1:60B129B0CAEEDD232777D5197F137B9E59F8F931
                                                                  SHA-256:0D24F411456604EC83744E4013878E115C83BB586FA3570EB4001BD3B20689B8
                                                                  SHA-512:A4CC041B87FE3B0851C5F340E20C5929090DC650F7C72730AD1894F55444313D33B67F26EFA96429422EF2CEDA9C11FAF8A31DD2B43BC18CE1AB74DF94653D7D
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DFC8E3B5B92F849C1B.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):73728
                                                                  Entropy (8bit):0.23527295531188966
                                                                  Encrypted:false
                                                                  SSDEEP:48:albqo0Qr5AAdlSoAdlSJ6Adq2th2DlihnFlrzETRTszaooSPcMh5p9dwp:sYKhKgltg5SfrzETRTsOcPh5pAp
                                                                  MD5:ECDA3EFE818CEB5AE3AEE630AE5FBF22
                                                                  SHA1:08682B34AA476D967C5DFD91F3AB1A3330C85D1E
                                                                  SHA-256:C9C982A6509A448A74B150B1D5780FAD7CA7D6AB3A84A70EC24E16F952CA17E5
                                                                  SHA-512:409B7D00C9E45B4814D22A9890E44F19804B9A92D6ABA0F36AA85C7265C68A13F7A24993CC359146850E866C42967EC9C8C90B7199D922C33F4292DF8AEEA71B
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DFDF1FBA74B6F35A2F.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):512
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                  Malicious:false
                                                                  C:\Windows\Temp\~DFE619B88D3492DE95.TMP
                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):20480
                                                                  Entropy (8bit):1.8231698873907254
                                                                  Encrypted:false
                                                                  SSDEEP:96:zhn19jTQ+Up4Vxgltg5SfrzETRTsOcGoKj:N1ZpeaglS0ETRTPzT
                                                                  MD5:C5D9DD34995020B6BE9BAE26B9CB46DE
                                                                  SHA1:E4D419EAA9D19293B40F13F5F13FA86400D4CC42
                                                                  SHA-256:41A5F8FBDA7C4AF5A60C206746C0DBCCA394F43F66B62430C029B6ACAF8BD4B5
                                                                  SHA-512:BE582AF130250E16826A0DA23863C6FE8E99005F0A4F752B8FBE267A8FF6BB3136C39DE383D4CBF3FB8B23F2AA711FCC10D1B8E757C43B67A65338E873E993A0
                                                                  Malicious:false

                                                                  Static File Info

                                                                  General

                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AirServer Universal (x64), Author: App Dynamic, Keywords: Installer, Comments: This installer database contains the logic and data required to install AirServer Universal (x64)., Template: x64;1033, Revision Number: {EE2DBA36-6558-4C1A-BB78-A00681594571}, Create Time/Date: Tue Sep 22 18:56:32 2020, Last Saved Time/Date: Tue Sep 22 18:56:32 2020, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                  Entropy (8bit):7.9304813668917955
                                                                  TrID:
                                                                  • Microsoft Windows Installer (77509/1) 63.77%
                                                                  • ClickyMouse macro set (36024/1) 29.64%
                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 6.59%
                                                                  File name:AirServer-5.6.3-x64.msi
                                                                  File size:15478784
                                                                  MD5:d0c1f8b537d6aa6b339158107bd34d3a
                                                                  SHA1:1317ae28f2b43ddfadd1e5311defaa678277be6f
                                                                  SHA256:4a92c6e42fb2bec9fb177f6d379b3e86728d81bfe3f69fc53c175c13532b586f
                                                                  SHA512:5e9c3f8330fd50491f221682fd9819bb4588e6d66aec69991c96acaeb91105d72656b62c33c38eaacfeef4399d786e47389167210bb35d958a36e897fb49321a
                                                                  SSDEEP:393216:f4kLMwFXt2Yz6880kRUBpmiyXpPkB37sj2:fn1FQYz58zRU/Py5PcQj2

                                                                  File Icon

                                                                  Icon Hash:a2a0b496b2caca72

                                                                  General

                                                                  Document Type:OLE
                                                                  Number of OLE Files:1
                                                                  Signature Valid:true
                                                                  Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                  Signature Validation Error:The operation completed successfully
                                                                  Error Number:0
                                                                  Not Before, Not After
                                                                  • 6/13/2019 2:00:00 AM 6/17/2022 2:00:00 PM
                                                                  Subject Chain
                                                                  • CN=App Dynamic ehf., O=App Dynamic ehf., L=Kópavogur, C=IS, SERIALNUMBER=4401120480, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IS
                                                                  Version:3
                                                                  Thumbprint MD5:02617A9BBAA95EC93B571C211A98B23A
                                                                  Thumbprint SHA-1:C01E3E229E3FB1304B3559B7B528C21D2CCA52FF
                                                                  Thumbprint SHA-256:79A625B198188D9522EBB9100EDDC87B768D5C89B8F070A95816D86C7E96B675
                                                                  Serial:02A2DD174CA76DAB87C5A63A3B87ED39

                                                                  Indicators

                                                                  Has Summary Info:True
                                                                  Application Name:Windows Installer XML Toolset (3.11.1.2318)
                                                                  Encrypted Document:False
                                                                  Contains Word Document Stream:False
                                                                  Contains Workbook/Book Stream:False
                                                                  Contains PowerPoint Document Stream:False
                                                                  Contains Visio Document Stream:False
                                                                  Contains ObjectPool Stream:
                                                                  Flash Objects Count:
                                                                  Contains VBA Macros:False

                                                                  Summary

                                                                  Code Page:1252
                                                                  Title:Installation Database
                                                                  Subject:AirServer Universal (x64)
                                                                  Author:App Dynamic
                                                                  Keywords:Installer
                                                                  Comments:This installer database contains the logic and data required to install AirServer Universal (x64).
                                                                  Template:x64;1033
                                                                  Revision Number:{EE2DBA36-6558-4C1A-BB78-A00681594571}
                                                                  Create Time:2020-09-22 17:56:32
                                                                  Last Saved Time:2020-09-22 17:56:32
                                                                  Number of Pages:405
                                                                  Number of Words:2
                                                                  Creating Application:Windows Installer XML Toolset (3.11.1.2318)
                                                                  Security:2
                                                                  General
                                                                  Stream Path:\x5DigitalSignature
                                                                  File Type:data
                                                                  Stream Size:8048
                                                                  Entropy:7.07814844707
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x5MsiDigitalSignatureEx
                                                                  File Type:data
                                                                  Stream Size:32
                                                                  Entropy:4.875
                                                                  Base64 Encoded:False
                                                                  Data ASCII:C e ) [ . ) . . . . . . . @ . . . . ; . K . . . . [ . . | . l 1
                                                                  Data Raw:43 65 29 5b c2 29 91 f8 81 87 0c 14 c3 40 a1 bc 9b da 3b d5 4b 90 1e b9 e9 5b 0a bd 7c bf 6c 31
                                                                  General
                                                                  Stream Path:\x5SummaryInformation
                                                                  File Type:data
                                                                  Stream Size:560
                                                                  Entropy:4.72346472404
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x16786\x17522\x15038\x17772\x16924\x18037\x17768\x16958\x16955
                                                                  File Type:MS Windows icon resource - 17 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                  Stream Size:136478
                                                                  Entropy:3.59624383778
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17162\x16181\x17768\x16953\x18357\x16678\x18469
                                                                  File Type:Microsoft Cabinet archive data, 13630550 bytes, 22 files
                                                                  Stream Size:13630550
                                                                  Entropy:7.99995357454
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x15038\x16156\x17896\x17656\x16778\x17207\x17522\x18358\x17383\x18479
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Stream Size:246112
                                                                  Entropy:6.32764937101
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x15038\x17772\x16924\x18037\x17768\x17214\x17574
                                                                  File Type:MS Windows icon resource - 17 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                  Stream Size:136478
                                                                  Entropy:3.59624383778
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16190\x16678\x16796\x16939\x17959\x16943
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Stream Size:294400
                                                                  Entropy:6.52900195019
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16190\x16678\x18126\x16808\x17912\x18472
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Stream Size:222720
                                                                  Entropy:6.60530108962
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x14988
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Stream Size:207360
                                                                  Entropy:6.57420936449
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15103\x17508\x16945\x18485
                                                                  File Type:PC bitmap, Windows 95/NT4 and newer format, 493 x 58 x 8
                                                                  Stream Size:29914
                                                                  Entropy:0.952341263772
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15231\x16684\x17583\x18474
                                                                  File Type:PC bitmap, Windows 95/NT4 and newer format, 493 x 312 x 8
                                                                  Stream Size:155898
                                                                  Entropy:0.521018180514
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15871\x18088
                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                                                                  Stream Size:318
                                                                  Entropy:2.03444158006
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x16319\x18483
                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                                                                  Stream Size:318
                                                                  Entropy:2.03693614652
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15295\x16827\x16687\x18480
                                                                  File Type:MS Windows icon resource - 1 icon, 32x32, 16 colors
                                                                  Stream Size:766
                                                                  Entropy:3.3484862649
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15551\x17009\x18482
                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
                                                                  Stream Size:1078
                                                                  Entropy:2.86422695486
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x15518\x17184\x16827\x18468
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Stream Size:107008
                                                                  Entropy:6.51826752526
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x17163\x16689\x18229\x16446\x18156\x17167\x16949\x16698\x17391\x14988
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Stream Size:121344
                                                                  Entropy:6.56554024133
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x18496\x15167\x17394\x17464\x17841
                                                                  File Type:data
                                                                  Stream Size:1776
                                                                  Entropy:5.10325605675
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x15518\x16925\x17915
                                                                  File Type:data
                                                                  Stream Size:204
                                                                  Entropy:4.43594708352
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16191\x17783\x17516\x15210\x17892\x18468
                                                                  File Type:ASCII text, with very long lines, with CRLF, LF line terminators
                                                                  Stream Size:79608
                                                                  Entropy:5.16979724797
                                                                  Base64 Encoded:True
                                                                  General
                                                                  Stream Path:\x18496\x16191\x17783\x17516\x15978\x17586\x18479
                                                                  File Type:data
                                                                  Stream Size:6336
                                                                  Entropy:3.53480411418
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16255\x16740\x16943\x18486
                                                                  File Type:data
                                                                  Stream Size:86
                                                                  Entropy:4.06610502677
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16383\x17380\x16876\x17892\x17580\x18481
                                                                  File Type:data
                                                                  Stream Size:5496
                                                                  Entropy:2.6433799068
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481
                                                                  File Type:data
                                                                  Stream Size:4
                                                                  Entropy:1.5
                                                                  Base64 Encoded:False
                                                                  Data ASCII:. . . .
                                                                  Data Raw:13 05 14 05
                                                                  General
                                                                  Stream Path:\x18496\x16667\x17191\x15090\x17912\x17591\x18481
                                                                  File Type:data
                                                                  Stream Size:144
                                                                  Entropy:3.88825003242
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16778\x17207\x17522\x16925\x17915
                                                                  File Type:data
                                                                  Stream Size:492
                                                                  Entropy:4.95553905903
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16786\x17522
                                                                  File Type:mumps avl global (V1)
                                                                  Stream Size:4
                                                                  Entropy:2.0
                                                                  Base64 Encoded:False
                                                                  Data ASCII:Y . . .
                                                                  Data Raw:59 02 01 00
                                                                  General
                                                                  Stream Path:\x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934
                                                                  File Type:data
                                                                  Stream Size:48
                                                                  Entropy:3.62111536517
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472
                                                                  File Type:data
                                                                  Stream Size:42
                                                                  Entropy:3.59308810337
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472
                                                                  File Type:data
                                                                  Stream Size:48
                                                                  Entropy:3.50680560889
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486
                                                                  File Type:data
                                                                  Stream Size:108
                                                                  Entropy:3.76903556781
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16911\x17892\x17784\x18472
                                                                  File Type:data
                                                                  Stream Size:96
                                                                  Entropy:3.51156920086
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16918\x17191\x18468
                                                                  File Type:MIPSEB Ucode
                                                                  Stream Size:14
                                                                  Entropy:2.27094242175
                                                                  Base64 Encoded:False
                                                                  Data ASCII:. . . . . . . . . . . . . .
                                                                  Data Raw:01 80 16 00 00 80 15 05 16 05 00 00 00 00
                                                                  General
                                                                  Stream Path:\x18496\x16923\x15722\x16818\x17892\x17778
                                                                  File Type:data
                                                                  Stream Size:140
                                                                  Entropy:3.76856571235
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x16923\x17194\x17910\x18229
                                                                  File Type:data
                                                                  Stream Size:12
                                                                  Entropy:2.75162916739
                                                                  Base64 Encoded:False
                                                                  Data ASCII:S . . . . . . . . . Q .
                                                                  Data Raw:53 02 ff 7f 86 05 00 00 00 00 51 02
                                                                  General
                                                                  Stream Path:\x18496\x16923\x17584\x16953\x17167\x16943
                                                                  File Type:data
                                                                  Stream Size:10
                                                                  Entropy:1.84643934467
                                                                  Base64 Encoded:False
                                                                  Data ASCII:Q . Q . . . Q . . .
                                                                  Data Raw:51 02 51 02 00 00 51 02 02 80
                                                                  General
                                                                  Stream Path:\x18496\x16925\x17915\x17884\x17404\x18472
                                                                  File Type:data
                                                                  Stream Size:36
                                                                  Entropy:2.6070177096
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17100\x16808\x15086\x18162
                                                                  File Type:data
                                                                  Stream Size:8
                                                                  Entropy:1.75
                                                                  Base64 Encoded:False
                                                                  Data ASCII:N . P . O . O .
                                                                  Data Raw:4e 02 50 02 4f 02 4f 02
                                                                  General
                                                                  Stream Path:\x18496\x17116\x17778\x16823\x17912
                                                                  File Type:DOS executable (COM, 0x8C-variant)
                                                                  Stream Size:32
                                                                  Entropy:2.70755479887
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17163\x16689\x18229
                                                                  File Type:data
                                                                  Stream Size:52
                                                                  Entropy:2.92510992954
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17165\x16949\x17894\x17778\x18492
                                                                  File Type:data
                                                                  Stream Size:42
                                                                  Entropy:3.41314441458
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17165\x17380\x17074
                                                                  File Type:data
                                                                  Stream Size:594
                                                                  Entropy:4.14203148659
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17167\x16943
                                                                  File Type:data
                                                                  Stream Size:440
                                                                  Entropy:4.63890559575
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17184\x15355\x17772\x18088\x17380\x15279\x16827\x17640\x17207\x17522
                                                                  File Type:data
                                                                  Stream Size:48
                                                                  Entropy:3.31372187554
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17441\x15343\x17388\x18472
                                                                  File Type:data
                                                                  Stream Size:36
                                                                  Entropy:3.52262030953
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934
                                                                  File Type:data
                                                                  Stream Size:390
                                                                  Entropy:5.59438798323
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472
                                                                  File Type:data
                                                                  Stream Size:258
                                                                  Entropy:5.21336259893
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17548\x17648\x17522\x17512\x18487
                                                                  File Type:data
                                                                  Stream Size:324
                                                                  Entropy:3.9971748486
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522
                                                                  File Type:data
                                                                  Stream Size:600
                                                                  Entropy:4.14077246378
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17548\x17905\x17589\x15279\x16953\x17905
                                                                  File Type:data
                                                                  Stream Size:1992
                                                                  Entropy:4.41455218472
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17548\x17905\x17589\x18479
                                                                  File Type:data
                                                                  Stream Size:7150
                                                                  Entropy:4.23420421658
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17558\x17959\x16943\x17180\x17514\x17892\x17784\x18472
                                                                  File Type:data
                                                                  Stream Size:6
                                                                  Entropy:2.58496250072
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17558\x17959\x16943\x17548\x17648\x17522\x17512\x17847
                                                                  File Type:data
                                                                  Stream Size:42
                                                                  Entropy:2.59332189189
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17610\x16179\x16680\x16821\x18475
                                                                  File Type:data
                                                                  Stream Size:56
                                                                  Entropy:3.40367746103
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17630\x17770\x16868\x18472
                                                                  File Type:data
                                                                  Stream Size:48
                                                                  Entropy:2.54296055405
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17742\x17589\x18485
                                                                  File Type:data
                                                                  Stream Size:672
                                                                  Entropy:5.75642369509
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17753\x16104\x17704\x17208\x17206\x16951\x16246\x16740\x16943
                                                                  File Type:data
                                                                  Stream Size:238
                                                                  Entropy:4.22373550731
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17753\x17650\x17768\x18231
                                                                  File Type:data
                                                                  Stream Size:124
                                                                  Entropy:4.50606554095
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17814\x15340\x17388\x15464\x17828\x18475
                                                                  File Type:data
                                                                  Stream Size:200
                                                                  Entropy:6.60212455694
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17932\x17910\x17458\x16778\x17207\x17522
                                                                  File Type:data
                                                                  Stream Size:648
                                                                  Entropy:4.23136263239
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17998\x17512\x15799\x17508\x17004\x17832\x18487
                                                                  File Type:data
                                                                  Stream Size:4
                                                                  Entropy:2.0
                                                                  Base64 Encoded:False
                                                                  General
                                                                  Stream Path:\x18496\x17998\x17512\x15799\x17636\x17203\x17073
                                                                  File Type:data
                                                                  Stream Size:104
                                                                  Entropy:3.91368871811
                                                                  Base64 Encoded:False

                                                                  Network Behavior

                                                                  No network behavior found

                                                                  Code Manipulations

                                                                  Statistics

                                                                  Behavior

                                                                  System Behavior

                                                                  Start time:15:49:27
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\AirServer-5.6.3-x64.msi"
                                                                  Imagebase:0x7ff777c90000
                                                                  File size:66048 bytes
                                                                  MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:49:28
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                  Imagebase:0x7ff777c90000
                                                                  File size:66048 bytes
                                                                  MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:49:29
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\System32\MsiExec.exe -Embedding E5F19836F2EFEDEA7D20143B7909D44E C
                                                                  Imagebase:0x7ff777c90000
                                                                  File size:66048 bytes
                                                                  MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:49:49
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding DE98669833787A5BCD3688E5E5104924 C
                                                                  Imagebase:0x30000
                                                                  File size:59904 bytes
                                                                  MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:49:57
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\System32\MsiExec.exe -Embedding DF281BC9618F703C8F33F0E3DF4ECD49
                                                                  Imagebase:0x7ff777c90000
                                                                  File size:66048 bytes
                                                                  MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:49:59
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 41F685AE3C5DD01F383113B00015CD43
                                                                  Imagebase:0x30000
                                                                  File size:59904 bytes
                                                                  MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:50:14
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\System32\MsiExec.exe -Embedding 03451E8C3EBFF85C7ADF5F150695B524 E Global\MSI0000
                                                                  Imagebase:0x7ff777c90000
                                                                  File size:66048 bytes
                                                                  MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:50:15
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding C752507715D0B25B1403AC3E49A0321D E Global\MSI0000
                                                                  Imagebase:0x30000
                                                                  File size:59904 bytes
                                                                  MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:50:17
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\SysWOW64\wevtutil.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:wevtutil.exe" im "C:\Program Files\App Dynamic\AirServer\AirServerEvents.man
                                                                  Imagebase:0xd10000
                                                                  File size:167936 bytes
                                                                  MD5 hash:27C3944EC1E3CAD62641ECBCEB107EE9
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Start time:15:50:17
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff724c50000
                                                                  File size:625664 bytes
                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Start time:15:50:18
                                                                  Start date:01/12/2021
                                                                  Path:C:\Windows\System32\wevtutil.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"wevtutil.exe" im "C:\Program Files\App Dynamic\AirServer\AirServerEvents.man" /fromwow64
                                                                  Imagebase:0x7ff7d9db0000
                                                                  File size:236032 bytes
                                                                  MD5 hash:17C934058CEC0E97D424EBD8413F01E2
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Start time:15:50:34
                                                                  Start date:01/12/2021
                                                                  Path:C:\Program Files\App Dynamic\AirServer\AirServer.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\App Dynamic\AirServer\AirServer.exe"
                                                                  Imagebase:0x7ff6c5e90000
                                                                  File size:17128288 bytes
                                                                  MD5 hash:071272D03169059BDAE6EBC2F9AA4E95
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Antivirus matches:
                                                                  • Detection: 0%, Metadefender, Browse
                                                                  • Detection: 0%, ReversingLabs

                                                                  Disassembly

                                                                  Code Analysis