Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LRF-Demonstration-Software-2.0.0.4.zip

Overview

General Information

Sample name:LRF-Demonstration-Software-2.0.0.4.zip
Analysis ID:1523394
MD5:5227c7472490433f23661011d1822fca
SHA1:916a590cb230db87ee2158275267efe801033d20
SHA256:a798a77a7983a3962be5a295f0a5858a36872d1b684b3d13e3e69b1d8b0259b0
Infos:

Detection

Score:7
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Launches processes in debugging mode, may be used to hinder debugging
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Potentially Suspicious Rundll32 Activity
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 1536 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • setup.exe (PID: 6456 cmdline: "C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe" MD5: FDD0AB2ED66CC4DB2410048204A366F0)
    • dfsvc.exe (PID: 7096 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • LRF Demonstration Software.exe (PID: 2276 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe" MD5: B925F79742799809616184C9F7F433F9)
      • LRF Demonstration Software.exe (PID: 6920 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe" MD5: B925F79742799809616184C9F7F433F9)
  • rundll32.exe (PID: 2972 cmdline: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Potentially Suspicious Rundll32 Activity
Source: Process startedAuthor: juju4, Jonhnathan Ribeiro, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application, CommandLine: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application, CommandLine|base64offset|contains: kj, Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4380, ProcessCommandLine: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application, ProcessId: 2972, ProcessName: rundll32.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\15ca9238891111f0Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeFile created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.logJump to behavior
Source: Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdbD} source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source: Binary string: D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2452640322.00000000051BC000.00000002.00000001.01000000.0000000E.sdmp, NAudio.dll0.11.dr, NAudio.dll.11.dr, NAudio.dll.deploy
Source: Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb8S+RS+ DS+_CorExeMainmscoree.dll source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source: Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source: Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdb source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source: Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb@ source: setup.exe
Source: Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdbh source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source: Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb source: setup.exe
Source: Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdbSHA256|& source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source: Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdb source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source: Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdb source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source: Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy
Source: Binary string: c:\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb source: LRF Demonstration Software.exe, 0000000C.00000002.2476614120.000000000706C000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy
Source: LRF-Demonstration-Software-2.0.0.4.zipBinary or memory string: 2.0.0.4/autorun.inf[autorun]
Source: LRF-Demonstration-Software-2.0.0.4.zipBinary or memory string: 2.0.0.4/autorun.inf[autorun]
Source: LRF-Demonstration-Software-2.0.0.4.zipBinary or memory string: 2.0.0.4/autorun.inf
Source: LRF-Demonstration-Software-2.0.0.4.zipBinary or memory string: P2.0.0.4/autorun.inf
Source: autorun.infBinary or memory string: [autorun]
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://davidowens.wordpress.com/2010/09/07/html-5-canvas-and-dashed-lines/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/opendocument/meta/rdfa#
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deployString found in binary or memory: http://expression/microsoft.expression.interactions.dll
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deployString found in binary or memory: http://expression/system.windows.interactivity.dll0
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://ocsp.comodoca.com0
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://ocsp.thawte.com0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://openoffice.org/2004/calc
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://openoffice.org/2004/office
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://openoffice.org/2004/writer
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://openoffice.org/2005/report
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.000000000351C000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002C39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: TeeChart.Standard.WPF.dll.deployString found in binary or memory: http://www.codeplex.com/DotNetZip.
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.newtone.co.jp
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044EC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AAC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002AAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.newtone.co.jp/
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004475000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.newtone.co.jp/store/home.asp
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.newtone.co.jp/store/home.aspK0
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044F4000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.newtone.co.jpK
Source: LRF Demonstration Software.exe, 0000000C.00000000.1393095221.0000000000BA2000.00000002.00000001.01000000.0000000C.sdmp, LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deployString found in binary or memory: http://www.noptel.fi
Source: LRF Demonstration Software.applicationString found in binary or memory: http://www.noptel.fi/
Source: dfsvc.exe, 0000000B.00000002.2322666794.00000207F1A13000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2317823508.00000207EDAE2000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322192295.00000207EFD89000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322069955.00000207EFD73000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322596864.00000207F1A08000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2320893040.00000207EFC58000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2414167079.0000000001358000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2414126645.0000000000977000.00000004.00000020.00020000.00000000.sdmp, lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.cdf-ms.11.drString found in binary or memory: http://www.noptel.fi/%%%
Source: dfsvc.exe, 0000000B.00000002.2318288546.00000207EDB58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.noptel.fi/00000
Source: setup.exeString found in binary or memory: http://www.noptel.fi/Begin
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://www.steema.com
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004518000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000034D6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ADD000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.steema.com/buy
Source: LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004454000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044DC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.steema.com/demo.tee
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.steema.com/demo.ten
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004473000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.steema.com/teechartnet/test.txt
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.steema.com/test.txt
Source: LRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C15000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2476614120.0000000007149000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: http://www.steema.comT
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.teechart.net/demo.ten
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.000000000448C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.teechart.net/support/index.php
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: dfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.op
Source: dfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
Source: dfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreE
Source: dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.steema.com/buy
Source: LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.steema.com/buy-https://www.steema.com/linkIn/tnetstd_startup
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C26000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2480061317.00000000067C2000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployString found in binary or memory: https://www.steema.com/files/public/teechart/html5/latest/src
Source: LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.steema.com/linkIn/tnetstd_startup
Source: classification engineClassification label: clean7.winZIP@9/59@0/0
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\DeploymentJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeMutant created: NULL
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeFile created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe "C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe"
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe "C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"Jump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: dfshim.dllJump to behavior
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dfshim.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: msvcp140_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dfshim.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: duser.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: thumbcache.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.ui.fileexplorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: structuredquery.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: samlib.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: cldapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: fltlib.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mrmcorer.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: provsvc.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: drprov.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: ntlanman.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: davclnt.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: davhlpr.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: playtodevice.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: devdispitemprovider.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: portabledeviceapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: audiodev.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wmvcore.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: wmasf.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mfsrcsnk.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeSection loaded: rtworkq.dll
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeWindow detected: Number of UI elements: 15
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeWindow detected: Number of UI elements: 13
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\15ca9238891111f0Jump to behavior
Source: LRF-Demonstration-Software-2.0.0.4.zipStatic file information: File size 5558595 > 1048576
Source: Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdbD} source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source: Binary string: D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb source: dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2452640322.00000000051BC000.00000002.00000001.01000000.0000000E.sdmp, NAudio.dll0.11.dr, NAudio.dll.11.dr, NAudio.dll.deploy
Source: Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb8S+RS+ DS+_CorExeMainmscoree.dll source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source: Binary string: C:\Git\LRF_Tester\obj\Debug\LRF Demonstration Software.pdb source: LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deploy
Source: Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdb source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source: Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb@ source: setup.exe
Source: Binary string: f:\dd\trinity\appnet\fx\office\nopia\utilities\word\objr\i386\Microsoft.Office.Tools.Word.v4.0.Utilities.pdbh source: Microsoft.Office.Tools.Word.v4.0.Utilities.dll0.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.11.dr, Microsoft.Office.Tools.Word.v4.0.Utilities.dll.deploy
Source: Binary string: Q:\cmd\8\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb source: setup.exe
Source: Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdbSHA256|& source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source: Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Interactions\Microsoft.Expression.Interactions.pdb source: Microsoft.Expression.Interactions.dll.11.dr, Microsoft.Expression.Interactions.dll0.11.dr, Microsoft.Expression.Interactions.dll.deploy
Source: Binary string: D:\Dev\Math.NET\mathnet-numerics\src\Numerics\obj\Release\net461\MathNet.Numerics.pdb source: MathNet.Numerics.dll0.11.dr, MathNet.Numerics.dll.11.dr, MathNet.Numerics.dll.deploy
Source: Binary string: d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb source: System.Windows.Interactivity.dll0.11.dr, System.Windows.Interactivity.dll.deploy
Source: Binary string: c:\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb source: LRF Demonstration Software.exe, 0000000C.00000002.2476614120.000000000706C000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy
Source: MathNet.Numerics.dll.11.drStatic PE information: 0x8687854D [Wed Jul 10 00:20:29 2041 UTC]
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exeJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dllJump to dropped file
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeFile created: C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.logJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel OyJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software.appref-msJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software online support.urlJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey value created or modified: HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\lrfd..tion_0000000000000000_0002.0000_a549107a3fb23252 {c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrustJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 207EB8E0000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 207ED3E0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeMemory allocated: 30F0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeMemory allocated: 3290000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeMemory allocated: 5290000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeMemory allocated: F70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeMemory allocated: 28D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeMemory allocated: 48D0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599889Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599778Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599666Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599554Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599442Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599331Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599203Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599091Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598980Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598869Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598758Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598646Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598534Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598407Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598281Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598169Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598057Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597945Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597830Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597706Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597579Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597451Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597340Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597229Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597117Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597005Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596893Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596767Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596624Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596513Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596401Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596289Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596177Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596065Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595922Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595794Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595682Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595570Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595458Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595347Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595219Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595092Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594980Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594868Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594757Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 9430Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeWindow / User API: windowPlacementGot 915Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeWindow / User API: windowPlacementGot 379
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -6456360425798339s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -600000s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599889s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599778s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599666s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599554s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599442s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599331s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599203s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -599091s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598980s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598869s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598758s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598646s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598534s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598407s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598281s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598169s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -598057s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597945s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597830s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597706s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597579s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597451s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597340s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597229s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597117s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -597005s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596893s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596767s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596624s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596513s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596401s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596289s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596177s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -596065s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595922s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595794s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595682s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595570s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595458s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595347s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595219s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -595092s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -594980s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -594868s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4580Thread sleep time: -594757s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599889Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599778Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599666Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599554Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599442Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599331Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599203Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599091Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598980Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598869Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598758Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598646Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598534Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598407Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598281Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598169Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598057Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597945Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597830Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597706Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597579Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597451Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597340Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597229Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597117Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597005Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596893Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596767Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596624Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596513Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596401Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596289Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596177Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596065Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595922Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595794Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595682Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595570Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595458Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595347Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595219Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595092Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594980Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594868Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594757Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\Jump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
Source: LRF Demonstration Software.exe, 00000010.00000002.2500184204.00000000086ED000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: LRF Demonstration Software.exe, 00000010.00000002.2513408198.000000000DC04000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.config VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\noptel_logo_12d.ico VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.WPF.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\TeeChart.Standard.WPF.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		Windows Management Instrumentation1
Windows Service		1
Windows Service		1
Masquerading		OS Credential Dumping1
Query Registry		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Process Injection		1
Modify Registry		LSASS Memory1
Security Software Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		11
Disable or Modify Tools		Security Account Manager32
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		32
Virtualization/Sandbox Evasion		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Process Injection		LSA Secrets1
Peripheral Device Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Rundll32		Cached Domain Credentials2
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Timestomp		DCSync13
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1523394 Sample: LRF-Demonstration-Software-... Startdate: 01/10/2024 Architecture: WINDOWS Score: 7 6 setup.exe 3 2->6         started        8 rundll32.exe 2->8         started        10 rundll32.exe 2->10         started        process3 12 dfsvc.exe 135 104 6->12         started        file4 19 C:\Users\user\...\TeeChart.Standard.dll, PE32 12->19 dropped 21 C:\Users\user\...\TeeChart.Standard.WPF.dll, PE32 12->21 dropped 23 C:\Users\...\System.Windows.Interactivity.dll, PE32 12->23 dropped 25 13 other files (none is malicious) 12->25 dropped 15 LRF Demonstration Software.exe 19 6 12->15         started        17 LRF Demonstration Software.exe 12->17         started        process5

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dll0%ReversingLabs
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll0%ReversingLabs
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dll0%ReversingLabs
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dll0%ReversingLabs
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dll0%ReversingLabs
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dll3%ReversingLabs
C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dll2%ReversingLabs
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll3%ReversingLabs
C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll2%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.fontbureau.com/designersG0%URL Reputationsafe
http://www.fontbureau.com/designers/?0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.fontbureau.com/designers?0%URL Reputationsafe
http://www.tiro.com0%URL Reputationsafe
http://www.fontbureau.com/designers0%URL Reputationsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.typography.netD0%URL Reputationsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.fonts.com0%URL Reputationsafe
http://www.sandoll.co.kr0%URL Reputationsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.fontbureau.com0%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.fontbureau.com/designers/cabarga.htmlN0%URL Reputationsafe
http://www.founder.com.cn/cn0%URL Reputationsafe
http://www.fontbureau.com/designers/frere-jones.html0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
http://www.fontbureau.com/designers80%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.fontbureau.com/designersGdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.fontbureau.com/designers/?dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.founder.com.cn/cn/bThedfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.fontbureau.com/designers?dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://davidowens.wordpress.com/2010/09/07/html-5-canvas-and-dashed-lines/LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004486000.00000004.00000800.00020000.00000000.sdmpfalse
    		unknown
    http://www.newtone.co.jp/LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044EC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AAC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002AAB000.00000004.00000800.00020000.00000000.sdmpfalse
      		unknown
      https://www.steema.com/buy-https://www.steema.com/linkIn/tnetstd_startupLRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmpfalse
        		unknown
        http://openoffice.org/2004/calcLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
          		unknown
          http://www.steema.com/buyLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004518000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000034D6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ADD000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACD000.00000004.00000800.00020000.00000000.sdmpfalse
            		unknown
            http://www.tiro.comdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.steema.comTLRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C15000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2476614120.0000000007149000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployfalse
              		unknown
              http://www.fontbureau.com/designersdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://www.newtone.co.jp/store/home.aspLRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004475000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B35000.00000004.00000800.00020000.00000000.sdmpfalse
                		unknown
                http://www.goodfont.co.krdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.teechart.net/demo.tenLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                  		unknown
                  http://www.newtone.co.jpLRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmpfalse
                    		unknown
                    http://www.noptel.fi/Beginsetup.exefalse
                      		unknown
                      http://www.sajatypeworks.comdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.typography.netDdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.founder.com.cn/cn/cThedfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.galapagosdesign.com/staff/dennis.htmdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.steema.comdfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2311645811.0000020780428000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployfalse
                        		unknown
                        http://fontfabrik.comdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                          		unknown
                          http://www.codeplex.com/DotNetZip.TeeChart.Standard.WPF.dll.deployfalse
                            		unknown
                            http://www.newtone.co.jp/store/home.aspK0LRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmpfalse
                              		unknown
                              http://crl.thawte.com/ThawteTimestampingCA.crl0dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.newtone.co.jpKLRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044F4000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                		unknown
                                http://www.galapagosdesign.com/DPleasedfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://openoffice.org/2005/reportLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://www.fonts.comdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.sandoll.co.krdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.xrml.org/schema/2001/11/xrml2coreEdfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://www.urwpp.deDPleasedfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://www.steema.com/buyLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://www.zhongyicts.com.cndfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameLRF Demonstration Software.exe, 0000000C.00000002.2418554175.000000000351C000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002C39000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.sakkal.comdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://docs.oasis-open.org/opendocument/meta/rdfa#LRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://www.steema.com/test.txtLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://www.noptel.fi/LRF Demonstration Software.applicationfalse
                                            		unknown
                                            http://www.apache.org/licenses/LICENSE-2.0dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://www.fontbureau.comdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cabLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://www.steema.com/demo.tenLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003ACB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://www.noptel.fi/00000dfsvc.exe, 0000000B.00000002.2318288546.00000207EDB58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://ocsp.thawte.com0dfsvc.exe, 0000000B.00000002.2311645811.0000020780348000.00000004.00000800.00020000.00000000.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.xrml.org/schema/2001/11/xrml2coredfsvc.exe, 0000000B.00000002.2311645811.000002078001B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://www.w3.opdfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://www.carterandcone.comldfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.steema.com/demo.teeLRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004454000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.00000000044DC000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2418656962.0000000002A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://www.fontbureau.com/designers/cabarga.htmlNdfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.founder.com.cn/cndfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.fontbureau.com/designers/frere-jones.htmldfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.jiyu-kobo.co.jp/dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.fontbureau.com/designers8dfsvc.exe, 0000000B.00000002.2319237629.00000207EF212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://openoffice.org/2004/writerLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://www.steema.com/linkIn/tnetstd_startupLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://www.steema.com/files/public/teechart/html5/latest/srcLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2459912053.0000000006C26000.00000002.00000001.01000000.0000000F.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2480061317.00000000067C2000.00000002.00000001.01000000.00000010.sdmp, TeeChart.Standard.WPF.dll0.11.dr, TeeChart.Standard.WPF.dll.11.dr, TeeChart.Standard.WPF.dll.deploy, TeeChart.Standard.dll.deployfalse
                                                                		unknown
                                                                http://www.noptel.fi/%%%dfsvc.exe, 0000000B.00000002.2322666794.00000207F1A13000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2317823508.00000207EDAE2000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322192295.00000207EFD89000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322069955.00000207EFD73000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322148896.00000207EFD7F000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2322596864.00000207F1A08000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000B.00000002.2320893040.00000207EFC58000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2414167079.0000000001358000.00000004.00000020.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2414126645.0000000000977000.00000004.00000020.00020000.00000000.sdmp, lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.cdf-ms.11.drfalse
                                                                  		unknown
                                                                  http://www.teechart.net/support/index.phpLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.000000000448C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://www.noptel.fiLRF Demonstration Software.exe, 0000000C.00000000.1393095221.0000000000BA2000.00000002.00000001.01000000.0000000C.sdmp, LRF Demonstration Software.exe.11.dr, LRF Demonstration Software.exe0.11.dr, LRF Demonstration Software.exe.deployfalse
                                                                      		unknown
                                                                      http://www.steema.com/teechartnet/test.txtLRF Demonstration Software.exe, 0000000C.00000002.2418554175.0000000003470000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 0000000C.00000002.2437755770.0000000004473000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003B33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://openoffice.org/2004/officeLRF Demonstration Software.exe, 0000000C.00000002.2418554175.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, LRF Demonstration Software.exe, 00000010.00000002.2438009501.0000000003AB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		unknown

                                                                          World Map of Contacted IPs

                                                                          No contacted IP infos

                                                                          General Information

                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                          Analysis ID:1523394
                                                                          Start date and time:2024-10-01 15:11:53 +02:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 6m 46s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                          Number of analysed new started processes analysed:22
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:LRF-Demonstration-Software-2.0.0.4.zip
                                                                          Detection:CLEAN
                                                                          Classification:clean7.winZIP@9/59@0/0
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .zip

                                                                          Warnings

                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                          • VT rate limit hit for: LRF-Demonstration-Software-2.0.0.4.zip

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          TimeTypeDescription
                                                                          09:12:38API Interceptor1679486x Sleep call for process: dfsvc.exe modified
                                                                          09:13:34API Interceptor89x Sleep call for process: LRF Demonstration Software.exe modified

                                                                          Joe Sandbox View / Context

                                                                          IPs

                                                                          No context

                                                                          Domains

                                                                          No context

                                                                          ASNs

                                                                          No context

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dllhttps://1drv.ms/u/s!BLF16JzeCiJ7hgR4-OtYQ5YYVdaK?e=3WDlGo826EG3dr460Y6e0g&at=9Get hashmaliciousUnknownBrowse
                                                                            C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dllhttps://procore-drive.s3.amazonaws.com/ProcoreDriveSetup.exeGet hashmaliciousUnknownBrowse
                                                                              VyprVPN-4.1.0.10541-.exeGet hashmaliciousRedLineBrowse
                                                                                VyprVPN-4.1.0.10541-.exeGet hashmaliciousRedLineBrowse
                                                                                  Helix_Setup.msiGet hashmaliciousUnknownBrowse
                                                                                    OneLaunch - EarthView3D_3o3f1.exeGet hashmaliciousUnknownBrowse
                                                                                      https://www.sharp-nec-displays.com/support/webdl/dl_service/data/led_display/viplex_express_sw/Viplex_Express_software(V1.4.0_CTM5.1.3).zipGet hashmaliciousUnknownBrowse
                                                                                        https://geteasypdf.com/Get hashmaliciousUnknownBrowse
                                                                                          SecuriteInfo.com.Trojan-Spy.AgentTesla.19330.30734.exeGet hashmaliciousUnknownBrowse
                                                                                            SecuriteInfo.com.Trojan-Spy.AgentTesla.19330.30734.exeGet hashmaliciousUnknownBrowse
                                                                                              MDE_File_Sample_4e8af2004a77f531e655e2e5cb669c388d0655c9.zipGet hashmaliciousUnknownBrowse

                                                                                                Created / dropped Files

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35\LRF Demonstration Software.exe.config

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2080
                                                                                                Entropy (8bit):4.943022596441392
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:crr7HKq7HqtrFz7l+Xo7+9/Q/mnGRwRUXMp7RiP:ur7h7KtrFvIf9sQO6UcJ0P
                                                                                                MD5:1A57EBB88FDB5F99428272A77AEA73E7
                                                                                                SHA1:B17CD1FFFA5C6D3BAA8F055C912F65D589AEB4BF
                                                                                                SHA-256:5B56D4CB97444C01FEA588C83E28054EEDA738DF205B9E4A7543CEEBC5E4248C
                                                                                                SHA-512:312B15EDB004B8A190B635668A6E029452C1E555C480EAA1A8C3AC13D3BB4542670CE7253CA83053F527F6514B44377A0E413FCD70CE263A8E864F4547BDA23B
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="LRF_Tester.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Interactivity" publicKeyToken="31bf3856ad364e35" culture="neutral"/>.. <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>.. </dependentAssembly>.. </assemblyBin

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35\noptel_logo_12d.ico

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:MS Windows icon resource - 1 icon, -86x-116, 32 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):98622
                                                                                                Entropy (8bit):2.7195991793490504
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:+6OTQIjQwjQwjQwjQwVQwVQwVQwVQKQyQqQ+Q2QaQaQcQEQEQfsQaWQ9QEQgQgQR:
                                                                                                MD5:5C19A250AB86C3C63D97359B84A10561
                                                                                                SHA1:F5A41D4BAF8A269ACC402B5A279C88AD8BA33BBD
                                                                                                SHA-256:0C791E3BD506C7EC9184D31830CBC660F440341F20135950C2A7762AC95D95B4
                                                                                                SHA-512:5809B67AF57435C5030B508C11A8922411F7C08C2BC1345C51D70461BF18E9223931B4792E78D33AADBA427F33721074A525447C06287F2DC4505533A752A4ED
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:............ .(.......(............. ......s............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):6988
                                                                                                Entropy (8bit):4.204342958793776
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:NjnMYJrpCyp6Kik5snZ4S708dzhk7vEGTU:NIcpCyp6nCkOpbEGg
                                                                                                MD5:807D7C6F5AB063D74B2F0DC3D3A91F1C
                                                                                                SHA1:449076CA8AA1386ED7955E6C449BDCC494FB7F36
                                                                                                SHA-256:BE273C9BFBC326DBFB229B97F6615CC87B4F29DA266700D7CE630E3F45AEEF77
                                                                                                SHA-512:DE290D7D50BF89EE738F26FDB8DF2197A4FA501628489FA99A4CAB77443AC2A9F80DE99F3683C0ED667228148D315A7195E151FE03B9A8B2BA554A560E753003
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:PcmH.........#.ZP.5%G...........T...........................F........<.g..J.|r,..`P............4..l_$.......U..c....................$............[~;1.X.......E6...........f.[....'-........<.....o.....P....'.............B........z..w.....>.xg .\ ...f..VC..#......;..&....k,.r.`.)...R8....W*...T....T=-....z2.._O.........1....I`Dgs..4....$X.l..7...NO.x...\8...C.....;...y..&..d.>....B(.....?.....k5V...B...........!...$...'...+.../...2...5...9...<...@...C...0.......0...@...0...p...0.......0.......0.......0...0...0...`...0.......0.......0.......0... .......P.......T.......p...........................(...............P...............@...........8.......H.......`.......p...........(.......................................(.......................(...........D.......L...(...T.......|...................................................(.......................(...........@.......H...(...\...................................................(...............................(...,.......T...

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):2933248
                                                                                                Entropy (8bit):7.324395450408464
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:aT4l4yBnJrcf/Xxy2QUs9Imcn2NmgAq9IhfNmgAq9ID9Imcn:fy3x9Rog9st
                                                                                                MD5:B925F79742799809616184C9F7F433F9
                                                                                                SHA1:97CE9BEE3B0A6DEF4AA852118A5AFA5EA053D1B4
                                                                                                SHA-256:4E64FDFCC115A2A28399EBB2533DC30178A8F653DEB2C7FC4100675EC63AC37C
                                                                                                SHA-512:F9A26062FA0D98D0A9B81AE401EE42499D244F83932AA90FE2E7C3062E345A0DD1364D341CAF3D0460E224F56D7D3296A018429DBE4A9C861D2DD16A6A8E2F31
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0..6+.........bS+.. ...`+...@.. ....................... -...........`..................................S+.O....`+.......................-......Q+.............................................. ............... ..H............text...85+.. ...6+................. ..`.rsrc........`+......8+.............@..@.reloc........-.......,.............@..B................DS+.....H........@..p................8!..........................................0............}.....(.......(......r...p.(....( ...o!.....{.....(....o!.....{....r...p.(....( ...o!.....{.....(....o!.....{.....(....o!.....{.....(....o!.....{....r-..po!....*..0..`........("........(#....o$...........,*....t......o%...rW..p(&.....,...o%.....+..("...o'...((.....+...*.0...........("...o)...o*...o+....+..*...0..;........("........(#....o$...........,..rW..p.+....t....o,....+..*..0..;.......

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2634
                                                                                                Entropy (8bit):5.018842376765231
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRxXge4ujPvS6cHS6cVS6c6scw2ccwJccf5b7cGTciS6cMKWS6clQcq:3FYZ8h9ojXg2HOoW373KARdFVdhA+4To
                                                                                                MD5:3B88BDE7A3A228E365D1C6810F0BA988
                                                                                                SHA1:4B93BA15EDABA912C17BCE911ECC484DC73FF89C
                                                                                                SHA-256:32D2229EF34622E275926556A9AFFEDEAC319DA8E195C87C830C8B652D72569E
                                                                                                SHA-512:315A9FB79283D929F046F750D7952EE3B9D4B1F6D2AA1A46349ADD215A4975BA9A159897E03C1584D1AB52412703431BA3E9FBE3F4532E2DED39A63F2503F880
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="LRF Demonstration Software" processorArchitecture="msil" version="2.0.0.4" />.. <file name="LRF Demonstration Software.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Forms" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>..

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):3736
                                                                                                Entropy (8bit):4.0998243971682875
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:kiXyK/J7eV+WwyVnP9tjmqd74lwIGAZamP:liJxPbjmqhGwB+amP
                                                                                                MD5:58CD2DA2B88344CF3DC0BA8E3DE551F7
                                                                                                SHA1:AC7E504A1AA57CEE8C2E94C7E2811AFE982B618C
                                                                                                SHA-256:AF57281E5592A8842ABF081C248B5EF5163D5088C35F3C557CF3D2E0688FFC9D
                                                                                                SHA-512:F533E2D42853DDB23CEB12E1AD1B77DD22C105195435E17C6F593A89E48668BE92B09A8D3C9D20AB6A789E006C3BFAFF1BA1D62F096337B5951441007076A7E2
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:PcmH............M.4x%... .......T...........................$........<.g..J.|r,..`P.............$X.l.......U..c....................$..........NO.x...\.....Y.FP.F......k...&.....'-............z..w.....>.xg .\...........B.......;.................71.. .......................!...0...H...0...x...0.......0.......0...........8.......<.......L.......d.......h.......p...(...x...........P...(.......x...@...............................................(... .......H.......P...(...\...................(.......................(.......................(...........4...@...<.......|...................................................................................................................................................................................................................................................nameMathNet.NumericsprocessorArchitecture%%%msilversion%4.15.0.0........................................MdHd............4...........MdSp....$..........."............... urn:sch

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1689600
                                                                                                Entropy (8bit):5.878626410015067
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:pdU7QWhlwzqpBFdK9L3YCAcgyPsQzYUR0MQUI/HrZWMGgpoF:Zq3FakUiUIfrZWZ
                                                                                                MD5:0C49185D63202A4A98909351964B5E64
                                                                                                SHA1:B453EFD34E7132BE79ECA12539E1EFB139659D38
                                                                                                SHA-256:3958748CE40A282D30FED4B06F8C8F62C476F482134E34D927ECB7B48B0CDA8B
                                                                                                SHA-512:E1E1245106225BBDF2AD0DB6C7FF4A4AADBD3EFD62305D8822FD48699FF90F131DE301D0399CEA3787A50EBE1D26F801F87D3EF484A1D50CA90A51B3D6390815
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Reputation:low
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M............." ..0.................. ........... ....................... ............`.................................}...O....................................-..T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................................................................(T...*..(T...*"..(U...*....0.............(V...._*.r...p(....*2r...p.(....*.r...p(....*2r...p.(....*.r...p(....*2r...p.(....*.rg..p(....*2rg..p.(....*.r...p(....*2r...p.(....*.rW..p(....*2rW..p.(....*>......i.Z(W...*>......i.Z(W...*6......i(X...*6......i(X...*...2...2...1.#........*#.......?.(......Y(....Y(Y...X(Z...*r..2.../.#........*.l.l([...*"..(....*...0..X.........2...2..-...1.#........*.-..-.#....

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\MathNet.Numerics.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1370
                                                                                                Entropy (8bit):5.079519409226508
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRGpge4VlvS6c9S6c/pS6cVS6cMKWS6To:3FYZ8h9oqgT665oVdTo
                                                                                                MD5:79518917C6DBD34AB865FD6A8B60C4AD
                                                                                                SHA1:D417DDBE5A9BD93E4ABDAA0E9F0C5FA3E066DDC4
                                                                                                SHA-256:F3546D3027FB7A89A1554DCD2E951328BC2E2EF9669A352E36B40B453A96749D
                                                                                                SHA-512:7B4E26CEE61B8CCC39E7D8F3C5F08C1C9843526C0C8DB858FBD23928770DBE121EFAB36117C6309693C06EA90774DC8CA591478A735B5FAD5C24CE08DFCE6AAF
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="MathNet.Numerics" processorArchitecture="msil" version="4.15.0.0" />.. <file name="MathNet.Numerics.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Numerics" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.Serialization" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>..

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):3772
                                                                                                Entropy (8bit):4.1323431528064845
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:KGcnReV+WwCSxrpp9y1fXy2oEh8ieX8ATn:JJqppg5XUEhJO8ATn
                                                                                                MD5:9EB83B750C789A58FCB9729D4143ED3B
                                                                                                SHA1:30A53C2A61FE025AD8EC26CCC78A917A8F27826E
                                                                                                SHA-256:4BF2A0C92F1ED7D2CA8C17F0CC004EFC9B8D5F2AF00EB29351670B9AE6CB69B2
                                                                                                SHA-512:F51AC41E41E7CD3F5FBB6C77BFC8BE2398F4FBD1496B85F4D5380B22C64029F8E08AAA2DF3724A33FDBA60C79B021FDBFDA98060A70E403FB10A3BA43ABC1561
                                                                                                Malicious:false
                                                                                                Preview:PcmH........0..v....'...8.......T............... ...........&........<.g..J.|r,..`P.............k,.r.`......U..c....................$..........R8....W....4n..>C.............'-............z..w.....[~31.X....C.........y..&..d......B(................B....f.T{C..Z.......;.."................... ...#...0...p...0.......0.......0.......0...0.......`.......d.......l...........................(...............P...D...........@...............................................(... .......H.......P...(...d...........................(...............................(........... .......(...(...0.......X...@...`...........................................................................................................................................................................................................................................................nameNAudio%%processorArchitecture%%%msilversion%1.8.5.0%........................................MdHd............0...........MdSp....$...

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):507904
                                                                                                Entropy (8bit):6.020085140253377
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:y6/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZ7:yyrSKMJR9aGs55T1X9Fwspi2tGpm
                                                                                                MD5:5DA17FA97FCE539C78E3018EE1C29CD0
                                                                                                SHA1:CFF12EDD4361FA5C310250EBAACBFC54274F00C8
                                                                                                SHA-256:92254CB54BBDD875F6950C2AFBFE17C001BBF7DCCD43D43EAFDB7D9BFEC35AFE
                                                                                                SHA-512:1F402EBE99CF95C55E9B524B91C9002A68F04F7F7D7A29E189C2226AD88E76BF18047B201C75DE805B4DCDE9830D765D705946B045937AA40D3E2E5465E5DCC5
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Joe Sandbox View:
                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(..[.........." ..0.............&.... ........... ....................... ............@.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........d..0K............................................................{=...*..{>...*V.(?.....}=.....}>...*...0..;........u(.....,/(@....{=....{=...oA...,.(B....{>....{>...oC...*.*. ... )UU.Z(@....{=...oD...X )UU.Z(B....{>...oE...X*.0...........r...p......%..{=..........+.....+...-.q+........+...-.&.+...+...oF....%..{>..........,.....,...-.q,........,...-.&.+...,...oF....(G...*r...(....(H.....}......}....*JrG..p.......(I...*2.,...s....z*..{....*..(-.....}......}......}...

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\NAudio.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1340
                                                                                                Entropy (8bit):5.08238158079054
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRZge4kvSkcMKWSspcHSkcVSkcf5bdTo:3FYZ8h9ofggVVpQGAXTo
                                                                                                MD5:93339CEE5FBBE87129FDD98DD8ED7EA1
                                                                                                SHA1:4C2B6E4E5D293A3621780FEC5F2C44FEC5C5B061
                                                                                                SHA-256:EBC2AC8B4E9FA4659449B550D981E995F49E8E86D64A2ED72D0B716549DEF6CF
                                                                                                SHA-512:51AEAD3AA749C3CD337E8E53BC3D91613C4296DDF1713583A461FCD99B990DCD4C329A4BB50719587D3F4544FDE2301C772C9192ED4A979075D0BEFAD7A9D60F
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="NAudio" processorArchitecture="msil" version="1.8.5.0" />.. <file name="NAudio.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Core" publicKeyToken="b77a5c561934e089" version="3.5.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Forms" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssem

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):16108
                                                                                                Entropy (8bit):4.140661868042907
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:P6/5JvOV7EKQH0oxZHFjT77tQ+gRL0Lc5:i/TvGxqzxZHFjT77tQ+gRL0Lc5
                                                                                                MD5:F34DE9FB13989531EB4E431B92A39066
                                                                                                SHA1:66586CB9F07BBF0F9A2C9FBCC8A1B24F433DC17F
                                                                                                SHA-256:A408D5532AC9B4D20C6C7F6D569F3899E2351B4360BF73083DF0947D2CD7E4E4
                                                                                                SHA-512:60D0A491FC0AFEB02E85E89121DBA7169578CBF23A1376EA91437CD9B67F4BAC12D21C9F025951DB7B12BAB1440CCB31E65731DF0019607E70CA3919434A75BE
                                                                                                Malicious:false
                                                                                                Preview:PcmH.............I..q...t...*...T...............L...........p...B....<.g..J.|r,..`P...E6...........8........R...................4..l_$.......U..c....................$............[~;1.X.....Y.FP.F.......K.}......o..5.......4n..>C.....[A...}VI#...E..."r.[(...6.._.7..-...?=...P..8...5...M...;..........~<...'-....=....."-h...>...j.......?...K*...!.@...d.#1.ht.D....I`Dgs..H...<.....o.I...P....'..J........&.=M....z2.._O.N....2{x.".\O....u..IV..R...0.r.....S....,...J.V....B(.....W........VX....$X.l..[...NO.x...\\....335.{.._....k,.r.`.c...R8....Wd........f.[g...........k.......A...K...P...T...Y...]...`...e...h.......................$.......,.......0.......L.......d.......h.......p...4...x...0....... .......................0...........L... ...`...................0.......%....... ...................,...0...8.......h... .......................0............... ...........4.......H...0...T... ....... .......................0............... ...,.......L.......`...0...l........... ...

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd...exe_0000000000000000_0002.0000_none_4224d59939602c35.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF, LF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8905
                                                                                                Entropy (8bit):5.238729706927907
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:oRGB+cfw5tUecbwt+87I1wztFMBA/17yD:NB+cfw5tUecbwI8E1wztFMBANY
                                                                                                MD5:562F51F5E12B2F7016AFC56A9A077F3B
                                                                                                SHA1:7FF328FF80DD5BF48568C8865163FA898DA880DE
                                                                                                SHA-256:ED4DEDDA4E1B0259381733523E5345369227AD827F3CDB24CDAEFAF9BFEC1895
                                                                                                SHA-512:A09E0C5408ABFE4707045E503B83B356F285B0EA97F0B9796247D4BA59FEEDFFD5C66C44A73E7C27FB1AF6F1F5E584D671439835EC0A2BB90BDF1A3FD2AE4A80
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="LRF Demonstration Software.exe" version="2.0.0.4" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" type="win32" />.. <description asmv2:iconFile="noptel_logo_12d.ico" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <application />.. <entryPoint>.. <assemblyIdentity name="LRF Demonstration Software" version="2.0.0.4" language="neutral" processorArchitecture="msil" />.. <command

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4536
                                                                                                Entropy (8bit):4.774150524527508
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:wff6dsZuMbzfvEW0m5R/TN6VUmMRgcNdsPDkM1t0QDF+ng/f:wff6dNMbTHvNI9UgYdYIIHkngX
                                                                                                MD5:0FC9B588AAF641F5C8A4D5B03C9FA14B
                                                                                                SHA1:00FFCDCCF440F7D629E2B9F987FE2852BFA63A94
                                                                                                SHA-256:85DFC6D7967F98C30517A0B61BBDC924A8E8A785FB3DF2ABA2235159FCFF340F
                                                                                                SHA-512:BFE98BE64716C147395A7F2F807D1472CAAEBF7BD6CF573C5DBA2F2D190E4FB67322A56B9BC617D341DFA6E1D2F25CB6C38E5DAE375CCF528C001DEFE4146160
                                                                                                Malicious:false
                                                                                                Preview:PcmH............T.$...L.......T...............D...........#........<.g..J.|r,..`P......Z...../............x...\......@s.ooe.)....&PI.>.*.....4..l_$......3..........................#.T.....U..c...................'-.........."-h........$............[~;1.X.........8........R..........E6......j...........K*...!.................l.......x.......|...\....... .......................0...........L.......X.......t...................................&........................................... .......(...4...0...0...d...P...............................................L... .......l.......t...........................4.0.30319%%%Full4.8%Application Files\LRF Demonstration Software_2_0_0_4\LRF Demonstration Software.exe.manifest.M..N..Y8.3R>SE6.'...<.$.........cI............8........................"......................................Noptel Oy%%%LRF Demonstration Software%%http://www.noptel.fi/%%%...................................#0.......nameLRF Demonstration Software.application%%proc

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\lrfd..tion_0000000000000000_0002.0000_none_d4004f438420bf16.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2026
                                                                                                Entropy (8bit):5.2401011053421875
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:3B9oLwOw8jZcT+utgH3LO7pb1KQTD1fls+2g0n6N0kkQdEkTw:xWLwO9ZcT+b3L+bjTRds+uSk/
                                                                                                MD5:AAE38A20F9E64052ABE3DA237584D5FE
                                                                                                SHA1:1A4B4B7339A81E0CC4E9E43ABA47732D710771FA
                                                                                                SHA-256:4796A9C0EAB04D67DD405C2E74AF7A5C70C763B14B029B2830A2B150BFB3FBE6
                                                                                                SHA-512:8A606F6D5B969A0406C9938D86C2BC5C17277FBA0CC079793F0B8F7022CD0FD9DA3309363F2C282029757DC56453F2639CE0AACC5731888DD47FA65FE9B7EAE1
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="LRF Demonstration Software.application" version="2.0.0.4" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="Noptel Oy" asmv2:product="LRF Demonstration Software" asmv2:supportUrl="http://www.noptel.fi/" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install=

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):5240
                                                                                                Entropy (8bit):4.241022710412075
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:SYYcYEGflmftSeV+WwL+atQ5716EA6Tyq/CiNUKhLlnvXJqPZezbM:IGGflUJYC716EANqaiKKp1XMR/
                                                                                                MD5:B4B483BB3B704EFC17005A118899CBFE
                                                                                                SHA1:9A25E05A89D730ED7A7BBD8A5B8F02FBDF0185A5
                                                                                                SHA-256:6667ADF96581753F0F9B90F8E4EBAF12A34452DA99B394860856FF6DB08DCE9B
                                                                                                SHA-512:A488A59E28762AFDDB0F797850BBDCC4B6C36DC705A0393F46542C8316983ACF8A7224CEC390D0E6F01339F605549D56DC4EAA8B69F87FDBB0E74A9C0AF17193
                                                                                                Malicious:false
                                                                                                Preview:PcmH.........(. /G.y3...h.......T...............D...........2........<.g..J.|r,..`P.............335.{.......U..c...................'-.........z2.._O......$...........2{x.".\.......K.}.............B........z..w.....>.xg .\.........&.=.....z2.._O........{.[.(.......;.."...T....T=%.......(..........B+....Q.Z..V}................ ...#...&...)...,.../...0.......0...0...0...`...0.......0.......0.......0... ...0...P...........!.......................................................4...........(...P.......%...`...@.......................................(...........$.......,.......H...(...X...................(.......................(.......................(...........<.......D...(...L.......t.......|...(.......................(...............d...........\...........................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1997
                                                                                                Entropy (8bit):5.0611945699814145
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRv+IigePD+It+vS6cVS6cTcNctQcxuQclQctpS6cMKWS6To:3FYZ8h9ol+IigID+Itso3puhe5VdTo
                                                                                                MD5:A6740389AA99D1B7B0FC5ADA08871AC5
                                                                                                SHA1:24366FD8DDB3A51436D5D8CAFA2D1C8D5D1F993C
                                                                                                SHA-256:AB9DD629883F11C0FEE157E6CAF545263ADC6E1564576A2B4C23D41AC1406227
                                                                                                SHA-512:F60DB02DF43B96F8864FE84FECE968A8A5D44291E2FFA2980B6AD8FA678356CACB3B18C3AF5A4608732627F715CE3E65FA6140086E4077F91B30BAF378EF53DD
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="Microsoft.Expression.Interactions" processorArchitecture="msil" publicKeyToken="31BF3856AD364E35" version="4.5.0.0" />.. <file name="Microsoft.Expression.Interactions.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Interactivity" publicKeyToken="31bf3856ad364e35" version="

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):3968
                                                                                                Entropy (8bit):4.313878389019113
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:GYDFncRy8eV+WwVO7MQzkmyYAoneZdN+0P8syiU:5ncRUJ7zkmBAoneZl3U
                                                                                                MD5:910A76E2C105F716A15971D2768D9D76
                                                                                                SHA1:E2303607E5B2D2B6829DDC966F3AD837E4AFEF65
                                                                                                SHA-256:DC27E08C78D4643ACDE89F695DECBB4E9B0C81F4428437D5E7C0C3772DA6A752
                                                                                                SHA-512:69D8E02DBCC7DE875E3A0B22450E45C0BFC7F26989401A81E384079D314BF8E6040DC4E197DF31A00CF83C4FA13B2E1144489D961B4EC6DD8137637244F5EA09
                                                                                                Malicious:false
                                                                                                Preview:PcmH............h.a'...8.......T............... ...........&........<.g..J.|r,..`P.............,...J......U..c...................'-.........B(..........$...............V....o..5..............B........z..w.....>.xg .\.......;..............C.........y..&..d.!....B(.....".......................#...0...p...0.......0.......0.......0...0.......`...*...d...................................................4...............P...........L...@...|...................................(................... ...(...(.......P.......X...(...`...................(...............................(...............@...$.......d...................................................................................................................................................................................................................................................nameMicrosoft.Office.Tools.Word.v4.0.Utilities%%processorArchitecture%%%msilpublicKeyToken%%B03F5F7F11D50A3Aversion%10.0.0.0............

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1447
                                                                                                Entropy (8bit):5.139066941735575
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRv+7gePzq8+7vS6cVS6cHS6cf5b7cMKWS6To:3FYZ8h9ol+7gIb+foOARVdTo
                                                                                                MD5:A53017F5F171AA9194627A562BA5B25A
                                                                                                SHA1:8540AF867924CE1956BD523E270E3EA7E6EAB852
                                                                                                SHA-256:3FEC6148ECD81CA62AA4339FDD46A8E84D14F46B7167D6234CA65E21696FB113
                                                                                                SHA-512:B7752343DAFA3A2A967E43D81B99BEF7B0A7A00B90D7B507FD1210C9478418C41BDB0094F7077A0FFE0C611B89A8F26432151596CF34122CFA59A1FA87215C4C
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="Microsoft.Office.Tools.Word.v4.0.Utilities" processorArchitecture="msil" publicKeyToken="B03F5F7F11D50A3A" version="10.0.0.0" />.. <file name="Microsoft.Office.Tools.Word.v4.0.Utilities.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Forms" publicKeyToken="b77a5c561934e089

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4340
                                                                                                Entropy (8bit):4.258250341212044
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:0VBttFDxW79NpggVe6S+9owU7gYRKRg3yC3hx5N7Fx0ZdW5t9fTtdINIJ7M1auY:0VrS9DeV+WwU/Kgiu5N/0ZkrTN7McuY
                                                                                                MD5:FB5E5EABCEDE9F49FD308BBBB99761EE
                                                                                                SHA1:00B4DD16F38D0C6578281E32D258020158EAF9C3
                                                                                                SHA-256:291046EB2E6011FBE15B167334FEA9D879A7152E23E3135FBF6F1277E93BFF8A
                                                                                                SHA-512:BDB81E6DF0AD29B323A7C00BF5374D5CAD58845671F2EA335E6AC402631AF37422B13338D6E446FE51769BA9AB7EE206A899743F66193068F702EB5A040FE93A
                                                                                                Malicious:false
                                                                                                Preview:PcmH........jW..d..}+...H.......T...............,...........*........<.g..J.|r,..`P.................&.=.....U..c...................'-.........z2.._O......$...........2{x.".\....[A...}VI.......{.[.(.....z2.._O......>.xg .\.......;..........z..w....T....T=........ ..........B#....Q.Z..V}&...................!...$...'...0.......0.......0.......0...0...0...`...0...................................................................$...4...,.......`...P...4... .......@.......................................(...........@.......H.......P...(...`...................(.......................(.......................(...........D.......L...(...\...........L...............................................................................................................................................................................................................................................................................................................nameSystem.Windows.Interactivityprocesso

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1604
                                                                                                Entropy (8bit):5.0894783401686015
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRTigePnktQcxuQcvS6cVS6clQctpS6To:3FYZ8h9oogIBuOohe5To
                                                                                                MD5:68772808B79200DB14057ADA8A03C0C7
                                                                                                SHA1:75E84B0F2D5BF7FCC39CC36F9D5722591FD2705F
                                                                                                SHA-256:FFF0DDBDE5642F9D91A1C383E67835BB161B6D2D69BADF190DB93CCD8BC1B054
                                                                                                SHA-512:01AC896B6283303737A4D194ECD232468A422AFEC02F22BA286F2D7DD265FE151EA9B730ADBDAFD259A63A76C11176304E0BADD494516C6931FB0746D24A9F7F
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="System.Windows.Interactivity" processorArchitecture="msil" publicKeyToken="31BF3856AD364E35" version="4.5.0.0" />.. <file name="System.Windows.Interactivity.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="WindowsBase" publicKeyToken="31bf3856ad364e35" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="PresentationCore" publicKeyToken="31bf3856ad364e35" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />..

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):6924
                                                                                                Entropy (8bit):3.8262697063559177
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:1a4Maun37eV+WwIkqoJ9SIcY2RwI/5z+ZjRte6S6DlViP8KV0RkssmX:NMaun8JJoJkYAcFzjeElH
                                                                                                MD5:0427512686E01EF5F4412D02B042AA15
                                                                                                SHA1:0F459A0F714B1F56598AF2C375675A7BFE4494EE
                                                                                                SHA-256:64350083689FB34A351B9A1F4C92D797CD88005205FCD515924A779C424FAFD1
                                                                                                SHA-512:65B295D562951702B03B795DCEC89E6A68E56CF487EDC6DEF5DBA9626582AD13C1D0B684E3EFB9415D2FDD93B968639485EF4B965CCA973FF34ED522B0D4B16A
                                                                                                Malicious:false
                                                                                                Preview:PcmH........r.R..4..D...........T...........................C........<.g..J.|r,..`P.................f.[.....U..c...................'-........<.....o......$..........P....'......6.._.7.............B........z..w.....>.xg .\.......{.[.(.....z2.._O. ...f..VC..#...T....T=&......;..).......,....).5../....B(.....0..........B3....".....B6...y..&..d.9....Q.Z..V}<.....~O..uz?...........!...$...'...*...-...1...4...7...:...=...@...0.......0.......0...4...0...d...0.......0.......0.......0...$...0...T...0.......0.......0...........................0.......H.......L.......\.......l.......t...4...............P...............@...........4.......D.......P.......`...(...h...........................(.......................(................... ...(...8.......`.......h...(...p...................(...............................(...................$...(...0.......X.......`...(...l...................(.......................(.......................(...,.......T.......\...............................

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2698
                                                                                                Entropy (8bit):5.032893369297872
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRwkgeP1udWqKvS6cMKWS6clQcxuQctQcVS6ciS6cWS6cBS6cf5b7cb:3FYZ8h9oKkgIioVdhupoFjCARe5QTo
                                                                                                MD5:C90151C32D07254B1182D57FE9955822
                                                                                                SHA1:57A870217C28052BEC203DDA4EAFA5EA5BF98D31
                                                                                                SHA-256:613F85AA26FB4BD8C0B8A5FDE62EA514DF09CA9F2E8FB55BCC2793F4C9671A1C
                                                                                                SHA-512:A06565BDDAF04E7279F5ABFC59DEECD9BAF803B73BEF555E0402F3E47AC33F8D30DD6F74376C7D4A5E457B0BD1BBDBC8B861CDAB370A87CC6EF967EB6ABA3448
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="TeeChart.Standard.WPF" processorArchitecture="msil" publicKeyToken="7D79220C74C907B6" version="4.2018.12.17" />.. <file name="TeeChart.Standard.WPF.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Core" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="PresentationFramework" publicKeyToken="31bf3856ad364e35" version="4.0.0.0" />.. </de

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9.cdf-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):5592
                                                                                                Entropy (8bit):4.175266049513017
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:pLBfX+3iVZ5j5MeV+WwHPdMNOinDPA9B2oBsSxc7cr08eSzX6aS:u3eJJyMNZ4H2oPxcZxSS
                                                                                                MD5:C85AD954EA293DF83269A87F8C2655A6
                                                                                                SHA1:7E036A793AE0EDF442F9384A1205F729FBF153C1
                                                                                                SHA-256:130911AAB8DD83A3A20441BEB120B08EF795C3839D923D4F666DDFB32A2007C1
                                                                                                SHA-512:387E9383C52C85A1DB0CB58286A7FA3DB065E3FC974B236A259B03888647283DFFBAAAE59FD4855F5CBA64C7EB9E6E02280031BAD36631478C399CDDEA1D6505
                                                                                                Malicious:false
                                                                                                Preview:PcmH...........*.=.M7...x.......T...............P...........6........<.g..J.|r,..`P.............I`Dgs.......U..c...................'-........<.....o......$..........P....'......E..."r.[................z..w.....[~31.X.....).5.......B(.........7....7.. ...y..&..d.#...C.....&....".....B).......E..,...f..VC../......;..2...............!...$...'...*...-...0...3...0...0...0...`...0.......0.......0.......0... ...0...P...0.......0...................................................$.......4.......<...4...H.......|...P...<...........@.......................................(...........<.......D.......P...(...`...................(.......................(.......................(...,.......T.......\...(...h...................(.......................(.......................(...........D...p...L...................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\manifests\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2143
                                                                                                Entropy (8bit):5.050151795862494
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRw5geP1udWq1vSkcZdcVSkcf5bdcTdcHSkciSkcBSkcfzdTo:3FYZ8h9oK5gIizOGAXmQDsABTo
                                                                                                MD5:D184ED12D2711C498A7782B001D8CC32
                                                                                                SHA1:91B7D6BE2238341E1B965CB0BC0D6AFDB4461765
                                                                                                SHA-256:B7BF3E123BB5678DE57054379E4CB1F9B54801321DF13839EFFB40EE7EC3A04D
                                                                                                SHA-512:900B2CE9BC151E05ED531E9EA1A00F1C159A8859B6A5B3D485EE9419E41C649DB079162B394EA57969B045B2E630745B2BA403F72B895AE3554EBB0869769E4C
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="TeeChart.Standard" processorArchitecture="msil" publicKeyToken="7D79220C74C907B6" version="4.2018.12.17" />.. <file name="TeeChart.Standard.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Web" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </de

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ions_31bf3856ad364e35_0004.0005_none_29fb1b4caf46359f\Microsoft.Expression.Interactions.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):108168
                                                                                                Entropy (8bit):6.179559450110609
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:hf+YSZc1rj0oek7u05g3XG5rs+eUvNL3NX5S8caZkvsd65FAU9Qyx1NElSJK/Tr:R4ZYrj0oeOg325ragNDNP+AUzqSJMr
                                                                                                MD5:3034CC0D5CF3731ED90153AA616F3F59
                                                                                                SHA1:AACE8D26358D9829F0E6632BDDF183534ACFEC0D
                                                                                                SHA-256:63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
                                                                                                SHA-512:88589B022D713D565342E331394ED5600D1FE346AA788E45E16CF51221CE898F10BD28C6A09FDC44D9AD94F25B4ED22C6F0EB28FA832863C01732DEF5B6C6086
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Joe Sandbox View:
                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                • Filename: VyprVPN-4.1.0.10541-.exe, Detection: malicious, Browse
                                                                                                • Filename: VyprVPN-4.1.0.10541-.exe, Detection: malicious, Browse
                                                                                                • Filename: Helix_Setup.msi, Detection: malicious, Browse
                                                                                                • Filename: OneLaunch - EarthView3D_3o3f1.exe, Detection: malicious, Browse
                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                • Filename: SecuriteInfo.com.Trojan-Spy.AgentTesla.19330.30734.exe, Detection: malicious, Browse
                                                                                                • Filename: SecuriteInfo.com.Trojan-Spy.AgentTesla.19330.30734.exe, Detection: malicious, Browse
                                                                                                • Filename: MDE_File_Sample_4e8af2004a77f531e655e2e5cb669c388d0655c9.zip, Detection: malicious, Browse
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X."Q...........!.....^..........n}... ........... ..............................C.....`..................................}..O....................h...>...........{............................................... ............... ..H............text...t]... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B................P}......H.......L...................1...P ......................................Am.........C.....7.7....|..........,...w?..T....A.e......I}.#N..E....~...y. x`E......C`A&P.....Y.....A..J......#.p..).uGkJ1:.(......}....*:.(......}....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*"..(....*"..(....*..*..{....,..{.....o....*.{....o....*2.~....(....*6.~.....(....*F.~....(....td...*6.~.....(....*J.(.....s ...}....*F.(...

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\micr..ties_b03f5f7f11d50a3a_000a.0000_none_26248fa63945e711\Microsoft.Office.Tools.Word.v4.0.Utilities.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):172432
                                                                                                Entropy (8bit):6.158842290551226
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:K4lSCWRKUHuWINNz5Q/97ukYOaXa9Jyj6zdupCa/UU95L:0PfINN1Q/9yaVc6zwpFvN
                                                                                                MD5:537272CF793E1FAA0D82D64F7EEAB1BF
                                                                                                SHA1:0C678D258C01A56D9ABB8B4B0CAA2B704B6AC4CB
                                                                                                SHA-256:ACA0BF6FD36FF90A704731156E34201C6778AF061D80A108CF9BAAB97C7274BE
                                                                                                SHA-512:3D1EAD0FA6BB5A838E87AD5ACF5BF930ACE2249C4B26572E2DBFABDA4DF27D7AB85D0C5E8A124D5EE88D26CED93C245523F2BF6B3B8A16DB93BE5E1656F8AE41
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..K...........!..................... ........... ...............................;....@.................................@...K.......0............................................................................ ............... ..H............text....~... ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B................p.......H........~......................P .......................................F.z..w..@R.re..../.oi.Y....Z2....3D<................u]W..:z....9.8.x.....j.......:.......z..o!.....!]Z.+.]f..1..y5..K..(%............o....}......{....o....}....*..{....*v.{....o).....o....u.........*2.{....o'...*2.{....o(...*2.{....o)...*6.{.....o....*6.{.....o....*6.{.....o ...*6.{.....o!...*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\syst..vity_31bf3856ad364e35_0004.0005_none_1b13e2ad9f564705\System.Windows.Interactivity.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):55904
                                                                                                Entropy (8bit):6.299047178318044
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4
                                                                                                MD5:580244BC805220253A87196913EB3E5E
                                                                                                SHA1:CE6C4C18CF638F980905B9CB6710EE1FA73BB397
                                                                                                SHA-256:93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
                                                                                                SHA-512:2666B594F13CE9DF2352D10A3D8836BF447EAF6A08DA528B027436BB4AFFAAD9CD5466B4337A3EAF7B41D3021016B53C5448C7A52C037708CAE9501DB89A73F0
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W."Q...........!.................... ........ ;. ...................................`.....................................K.......................`>..........H................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......,O...`..........pD......P ......................................g.=d.N:..K..=mU.....M......^.....@........h.pX..9.web.~M}.R9 l9..2.....1S...{^..Pn....8.6k...S.-.K..$uXpy....t.'.%u/...+VC6.(.....{....*...0..&........(..............s....o.....s....}....*...0..K........(.....{....o........,3..+&..( .........{.....o!............*..X...(....2.*..0..L........{.....o"...,=(#...(..................($...o%.......(&...o%.....('...s(...z*.0...........o).......E............d

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec...wpf_7d79220c74c907b6_0004.07e2_none_99dee6c148ef9332\TeeChart.Standard.WPF.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):2652864
                                                                                                Entropy (8bit):6.388226828949231
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:C6WoBzse+/Z3hKdFIMxJIJYqhI5SHHsaeIT+u+cL9yfpSYO3j9wBA8jfWgP2kK6s:ZFTJFyHHsaeIgcLCpmj9wBkJ
                                                                                                MD5:CB2F1A014FC73297AD52BE4C37CD8E80
                                                                                                SHA1:2F5891FBDABCF1DEB94D00715DD27382851A7049
                                                                                                SHA-256:4E12D64D98E2CC817D852033A82497AFF6857D9204AA7CE593CC1BFE01E95197
                                                                                                SHA-512:9837744954C89D111C0547A3F6C566F557D255D220196012EA82E3CB492575EADDA1DEA56ED1DC0F85A25B163D03FCEF1F8E0851460E93163E1361E0F670C156
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......\.........." ..0..X(..........w(.. ........... ........................(.......)...@.................................xw(.S.....(..............b(.......(...................................................... ............... ..H............text....W(.. ...X(................. ..`.rsrc.........(......Z(.............@..@.reloc........(......`(.............@..B.................w(.....H........d .............DE..P...<d .....................................>..(......}....*.0..A........{.....{....o....+..{.....{.....o}...+.o....+..{.....{.....o}...*...>..(......}....*..{....*.0..4........{.....+ ..+..(....(.....+.}....+..,.+.+...+..o....*.0...........(....8.....(.....8.....{....o....o....8S....{.....{....o....o.....{.....{...........{..........o.....{.....{...........{..........o.....{.....{...........{..........o.....{.....{...........{..........o.....{....

                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\teec..dard_7d79220c74c907b6_0004.07e2_none_9b188e4dd326a5a9\TeeChart.Standard.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):3752128
                                                                                                Entropy (8bit):6.377779143417661
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:9uP96XJFC+yIo9o5sFlXT80p3dyjIjKffy2FV6HS2L0qP8hJ6dXXT/xjHHsao9PK:9HyIxKHHsao9CI2
                                                                                                MD5:D82F1623BC03A26073D25E6D531686A8
                                                                                                SHA1:96A92F0297E703C256D6E2B9A25792B42B991E03
                                                                                                SHA-256:1299ADCE2AE24CFCF025764128722577D8C7E85A3404C938FF5BFE4491F4BD23
                                                                                                SHA-512:E002026128D4FF059854B8CC151E3D1A8A6BC62057E83DF978137CCDB801CB2C02C63B6B8B36C3FDD1B044055F4A9C77142B0680D81E31E3A28389DBF896B428
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......\.........." ..0...9..........29.. ........ B. ........................9.....j-:...@..................................19.O....@9..............(9......`9...................................................... ............... ..H............text.....9.. ....9................. ..`.rsrc........@9.......9.............@..@.reloc.......`9......&9.............@..B.................19.....H........#...............q......X#........................................{....*"..}....*.....{....*"..}....*.....{....*"..}....*.....+...(......(....+.(....+...(....*.:.(......}....*...{....*"..}....*....0..F........+3..+...+...}....+.}....+....}....+.}....+....}....+.(....+....}....*....{....*..{....*"..}....*.....{....*"..}....*.....{....*"..}....*.....{....*"..}....*.....{....*"..}....*....0............8.......8..... .'..(.'..+c.r...p}......} .....}!.....}'.....{....(K"..

                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\VP936N55.log

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):3426
                                                                                                Entropy (8bit):3.750696081294638
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:Zkq6HhKGe1IfxQKsiQY1rY1wGXzl1Oy+QaMmdOm8fxQmc2OmdjllOm8fxQOwGxOO:t6BVYRqaOy0lUvcySo3haNa6
                                                                                                MD5:2CD0933BE9D626C4719E6C35DE288F0D
                                                                                                SHA1:285E5F3E97D6B1C8DE40F5F20AB7E87F42BB6D13
                                                                                                SHA-256:51A461E3D9FC3D45F20B5FCB6E47DD8834A29BD0714AF9174D351EE2B5DCE5A3
                                                                                                SHA-512:F3C7EEACCBA8C04D605C58CFA05EBE92089E1E3EE1350FF6894DE382A79D3D49E05F0CAA53A2E865389A37F6BE13D0F5CAEB3F2F7C19E161BA6A62B05092B7C9
                                                                                                Malicious:false
                                                                                                Preview:..P.L.A.T.F.O.R.M. .V.E.R.S.I.O.N. .I.N.F.O.......W.i.n.d.o.w.s. .......:. .1.0...0...1.9.0.4.5...0. .(.W.i.n.3.2.N.T.).......C.o.m.m.o.n. .L.a.n.g.u.a.g.e. .R.u.n.t.i.m.e. ...:. .4...0...3.0.3.1.9...4.2.0.0.0.......S.y.s.t.e.m...D.e.p.l.o.y.m.e.n.t...d.l.l. .....:. .4...8...4.6.5.4...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.B.......c.l.r...d.l.l. .......:. .4...8...4.6.4.5...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.B.......d.f.d.l.l...d.l.l. .......:. .4...8...4.6.5.4...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.B.......d.f.s.h.i.m...d.l.l. .......:. .1.0...0...1.9.0.4.1...3.0.0.0.0. .(.W.i.n.B.u.i.l.d...1.6.0.1.0.1...0.8.0.0.).........S.O.U.R.C.E.S.......D.e.p.l.o.y.m.e.n.t. .u.r.l.......:. .f.i.l.e.:./././.C.:./.U.s.e.r.s./.c.a.l.i./.D.e.s.k.t.o.p./.L.R.F.-.D.e.m.o.n.s.t.r.a.t.i.o.n.-.S.o.f.t.w.a.r.e.-.2...0...0...4./.2...0...0...4./.L.R.F.%.2.0.D.e.m.o.n.s.t.r.a.t.i.o.n.%.2.0.S.o.f.t.w.a.r.e...a.p.p.l.i.c.a.t.i.o.n.........I.D.E.N.T.I.T.I.E.S.......D.

                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\Z5KN6MZ3.log

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):13058
                                                                                                Entropy (8bit):3.636785273407074
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:t6BVB5FRqaOydNoU/p8WkjO8Y0ZauNBFEG/JBTaINxsfGlQCzXLKLaNa6:C5F3LBoqIDhQLEv
                                                                                                MD5:8D78854F82178D2DFC3145EF2F75EAAC
                                                                                                SHA1:5B078B01A57292D3AE6D38CF4CB3597E7396EBA9
                                                                                                SHA-256:0DB0305785A2DBE9E8F0B8B75B13F6D4068AC059BF605E0BD6B3BD024A81C82A
                                                                                                SHA-512:0CD050C78ACCC76549624D1A0A4066723CF10FDFB7C67587FB6C20564B5E86181B74270D7907BC591CD6AA97BA24BEC82FCDAE240A1850382111AD508EDA5DC8
                                                                                                Malicious:false
                                                                                                Preview:..P.L.A.T.F.O.R.M. .V.E.R.S.I.O.N. .I.N.F.O.......W.i.n.d.o.w.s. .......:. .1.0...0...1.9.0.4.5...0. .(.W.i.n.3.2.N.T.).......C.o.m.m.o.n. .L.a.n.g.u.a.g.e. .R.u.n.t.i.m.e. ...:. .4...0...3.0.3.1.9...4.2.0.0.0.......S.y.s.t.e.m...D.e.p.l.o.y.m.e.n.t...d.l.l. .....:. .4...8...4.6.5.4...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.B.......c.l.r...d.l.l. .......:. .4...8...4.6.4.5...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.B.......d.f.d.l.l...d.l.l. .......:. .4...8...4.6.5.4...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.B.......d.f.s.h.i.m...d.l.l. .......:. .1.0...0...1.9.0.4.1...3.0.0.0.0. .(.W.i.n.B.u.i.l.d...1.6.0.1.0.1...0.8.0.0.).........S.O.U.R.C.E.S.......D.e.p.l.o.y.m.e.n.t. .u.r.l.......:. .f.i.l.e.:./././.C.:./.U.s.e.r.s./.c.a.l.i./.D.e.s.k.t.o.p./.L.R.F.-.D.e.m.o.n.s.t.r.a.t.i.o.n.-.S.o.f.t.w.a.r.e.-.2...0...0...4./.2...0...0...4./.L.R.F.%.2.0.D.e.m.o.n.s.t.r.a.t.i.o.n.%.2.0.S.o.f.t.w.a.r.e...a.p.p.l.i.c.a.t.i.o.n.......A.p.p.l.i.c.a.t.i.o.n. .u.r.l.

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\041RJV8M.1QV\3RQWGXPM.JDB.application

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2026
                                                                                                Entropy (8bit):5.2401011053421875
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:3B9oLwOw8jZcT+utgH3LO7pb1KQTD1fls+2g0n6N0kkQdEkTw:xWLwO9ZcT+b3L+bjTRds+uSk/
                                                                                                MD5:AAE38A20F9E64052ABE3DA237584D5FE
                                                                                                SHA1:1A4B4B7339A81E0CC4E9E43ABA47732D710771FA
                                                                                                SHA-256:4796A9C0EAB04D67DD405C2E74AF7A5C70C763B14B029B2830A2B150BFB3FBE6
                                                                                                SHA-512:8A606F6D5B969A0406C9938D86C2BC5C17277FBA0CC079793F0B8F7022CD0FD9DA3309363F2C282029757DC56453F2639CE0AACC5731888DD47FA65FE9B7EAE1
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="LRF Demonstration Software.application" version="2.0.0.4" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="Noptel Oy" asmv2:product="LRF Demonstration Software" asmv2:supportUrl="http://www.noptel.fi/" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install=

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\BHLMXEX4.7VR\VMNAL2P6.0H9.application

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2026
                                                                                                Entropy (8bit):5.2401011053421875
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:3B9oLwOw8jZcT+utgH3LO7pb1KQTD1fls+2g0n6N0kkQdEkTw:xWLwO9ZcT+b3L+bjTRds+uSk/
                                                                                                MD5:AAE38A20F9E64052ABE3DA237584D5FE
                                                                                                SHA1:1A4B4B7339A81E0CC4E9E43ABA47732D710771FA
                                                                                                SHA-256:4796A9C0EAB04D67DD405C2E74AF7A5C70C763B14B029B2830A2B150BFB3FBE6
                                                                                                SHA-512:8A606F6D5B969A0406C9938D86C2BC5C17277FBA0CC079793F0B8F7022CD0FD9DA3309363F2C282029757DC56453F2639CE0AACC5731888DD47FA65FE9B7EAE1
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="LRF Demonstration Software.application" version="2.0.0.4" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="Noptel Oy" asmv2:product="LRF Demonstration Software" asmv2:supportUrl="http://www.noptel.fi/" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install=

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):2933248
                                                                                                Entropy (8bit):7.324395450408464
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:aT4l4yBnJrcf/Xxy2QUs9Imcn2NmgAq9IhfNmgAq9ID9Imcn:fy3x9Rog9st
                                                                                                MD5:B925F79742799809616184C9F7F433F9
                                                                                                SHA1:97CE9BEE3B0A6DEF4AA852118A5AFA5EA053D1B4
                                                                                                SHA-256:4E64FDFCC115A2A28399EBB2533DC30178A8F653DEB2C7FC4100675EC63AC37C
                                                                                                SHA-512:F9A26062FA0D98D0A9B81AE401EE42499D244F83932AA90FE2E7C3062E345A0DD1364D341CAF3D0460E224F56D7D3296A018429DBE4A9C861D2DD16A6A8E2F31
                                                                                                Malicious:false
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0..6+.........bS+.. ...`+...@.. ....................... -...........`..................................S+.O....`+.......................-......Q+.............................................. ............... ..H............text...85+.. ...6+................. ..`.rsrc........`+......8+.............@..@.reloc........-.......,.............@..B................DS+.....H........@..p................8!..........................................0............}.....(.......(......r...p.(....( ...o!.....{.....(....o!.....{....r...p.(....( ...o!.....{.....(....o!.....{.....(....o!.....{.....(....o!.....{....r-..po!....*..0..`........("........(#....o$...........,*....t......o%...rW..p(&.....,...o%.....+..("...o'...((.....+...*.0...........("...o)...o*...o+....+..*...0..;........("........(#....o$...........,..rW..p.+....t....o,....+..*..0..;.......

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.config

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2080
                                                                                                Entropy (8bit):4.943022596441392
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:crr7HKq7HqtrFz7l+Xo7+9/Q/mnGRwRUXMp7RiP:ur7h7KtrFvIf9sQO6UcJ0P
                                                                                                MD5:1A57EBB88FDB5F99428272A77AEA73E7
                                                                                                SHA1:B17CD1FFFA5C6D3BAA8F055C912F65D589AEB4BF
                                                                                                SHA-256:5B56D4CB97444C01FEA588C83E28054EEDA738DF205B9E4A7543CEEBC5E4248C
                                                                                                SHA-512:312B15EDB004B8A190B635668A6E029452C1E555C480EAA1A8C3AC13D3BB4542670CE7253CA83053F527F6514B44377A0E413FCD70CE263A8E864F4547BDA23B
                                                                                                Malicious:false
                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="LRF_Tester.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Interactivity" publicKeyToken="31bf3856ad364e35" culture="neutral"/>.. <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>.. </dependentAssembly>.. </assemblyBin

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2634
                                                                                                Entropy (8bit):5.018842376765231
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRxXge4ujPvS6cHS6cVS6c6scw2ccwJccf5b7cGTciS6cMKWS6clQcq:3FYZ8h9ojXg2HOoW373KARdFVdhA+4To
                                                                                                MD5:3B88BDE7A3A228E365D1C6810F0BA988
                                                                                                SHA1:4B93BA15EDABA912C17BCE911ECC484DC73FF89C
                                                                                                SHA-256:32D2229EF34622E275926556A9AFFEDEAC319DA8E195C87C830C8B652D72569E
                                                                                                SHA-512:315A9FB79283D929F046F750D7952EE3B9D4B1F6D2AA1A46349ADD215A4975BA9A159897E03C1584D1AB52412703431BA3E9FBE3F4532E2DED39A63F2503F880
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="LRF Demonstration Software" processorArchitecture="msil" version="2.0.0.4" />.. <file name="LRF Demonstration Software.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Forms" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>..

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\LRF Demonstration Software.exe.manifest

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF, LF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8905
                                                                                                Entropy (8bit):5.238729706927907
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:oRGB+cfw5tUecbwt+87I1wztFMBA/17yD:NB+cfw5tUecbwI8E1wztFMBANY
                                                                                                MD5:562F51F5E12B2F7016AFC56A9A077F3B
                                                                                                SHA1:7FF328FF80DD5BF48568C8865163FA898DA880DE
                                                                                                SHA-256:ED4DEDDA4E1B0259381733523E5345369227AD827F3CDB24CDAEFAF9BFEC1895
                                                                                                SHA-512:A09E0C5408ABFE4707045E503B83B356F285B0EA97F0B9796247D4BA59FEEDFFD5C66C44A73E7C27FB1AF6F1F5E584D671439835EC0A2BB90BDF1A3FD2AE4A80
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="LRF Demonstration Software.exe" version="2.0.0.4" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" type="win32" />.. <description asmv2:iconFile="noptel_logo_12d.ico" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <application />.. <entryPoint>.. <assemblyIdentity name="LRF Demonstration Software" version="2.0.0.4" language="neutral" processorArchitecture="msil" />.. <command

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1689600
                                                                                                Entropy (8bit):5.878626410015067
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:pdU7QWhlwzqpBFdK9L3YCAcgyPsQzYUR0MQUI/HrZWMGgpoF:Zq3FakUiUIfrZWZ
                                                                                                MD5:0C49185D63202A4A98909351964B5E64
                                                                                                SHA1:B453EFD34E7132BE79ECA12539E1EFB139659D38
                                                                                                SHA-256:3958748CE40A282D30FED4B06F8C8F62C476F482134E34D927ECB7B48B0CDA8B
                                                                                                SHA-512:E1E1245106225BBDF2AD0DB6C7FF4A4AADBD3EFD62305D8822FD48699FF90F131DE301D0399CEA3787A50EBE1D26F801F87D3EF484A1D50CA90A51B3D6390815
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M............." ..0.................. ........... ....................... ............`.................................}...O....................................-..T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................................................................(T...*..(T...*"..(U...*....0.............(V...._*.r...p(....*2r...p.(....*.r...p(....*2r...p.(....*.r...p(....*2r...p.(....*.rg..p(....*2rg..p.(....*.r...p(....*2r...p.(....*.rW..p(....*2rW..p.(....*>......i.Z(W...*>......i.Z(W...*6......i(X...*6......i(X...*...2...2...1.#........*#.......?.(......Y(....Y(Y...X(Z...*r..2.../.#........*.l.l([...*"..(....*...0..X.........2...2..-...1.#........*.-..-.#....

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\MathNet.Numerics.dll.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1370
                                                                                                Entropy (8bit):5.079519409226508
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRGpge4VlvS6c9S6c/pS6cVS6cMKWS6To:3FYZ8h9oqgT665oVdTo
                                                                                                MD5:79518917C6DBD34AB865FD6A8B60C4AD
                                                                                                SHA1:D417DDBE5A9BD93E4ABDAA0E9F0C5FA3E066DDC4
                                                                                                SHA-256:F3546D3027FB7A89A1554DCD2E951328BC2E2EF9669A352E36B40B453A96749D
                                                                                                SHA-512:7B4E26CEE61B8CCC39E7D8F3C5F08C1C9843526C0C8DB858FBD23928770DBE121EFAB36117C6309693C06EA90774DC8CA591478A735B5FAD5C24CE08DFCE6AAF
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="MathNet.Numerics" processorArchitecture="msil" version="4.15.0.0" />.. <file name="MathNet.Numerics.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Numerics" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.Serialization" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>..

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):108168
                                                                                                Entropy (8bit):6.179559450110609
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:hf+YSZc1rj0oek7u05g3XG5rs+eUvNL3NX5S8caZkvsd65FAU9Qyx1NElSJK/Tr:R4ZYrj0oeOg325ragNDNP+AUzqSJMr
                                                                                                MD5:3034CC0D5CF3731ED90153AA616F3F59
                                                                                                SHA1:AACE8D26358D9829F0E6632BDDF183534ACFEC0D
                                                                                                SHA-256:63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
                                                                                                SHA-512:88589B022D713D565342E331394ED5600D1FE346AA788E45E16CF51221CE898F10BD28C6A09FDC44D9AD94F25B4ED22C6F0EB28FA832863C01732DEF5B6C6086
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X."Q...........!.....^..........n}... ........... ..............................C.....`..................................}..O....................h...>...........{............................................... ............... ..H............text...t]... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B................P}......H.......L...................1...P ......................................Am.........C.....7.7....|..........,...w?..T....A.e......I}.#N..E....~...y. x`E......C`A&P.....Y.....A..J......#.p..).uGkJ1:.(......}....*:.(......}....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*"..(....*"..(....*..*..{....,..{.....o....*.{....o....*2.~....(....*6.~.....(....*F.~....(....td...*6.~.....(....*J.(.....s ...}....*F.(...

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Expression.Interactions.dll.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1997
                                                                                                Entropy (8bit):5.0611945699814145
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRv+IigePD+It+vS6cVS6cTcNctQcxuQclQctpS6cMKWS6To:3FYZ8h9ol+IigID+Itso3puhe5VdTo
                                                                                                MD5:A6740389AA99D1B7B0FC5ADA08871AC5
                                                                                                SHA1:24366FD8DDB3A51436D5D8CAFA2D1C8D5D1F993C
                                                                                                SHA-256:AB9DD629883F11C0FEE157E6CAF545263ADC6E1564576A2B4C23D41AC1406227
                                                                                                SHA-512:F60DB02DF43B96F8864FE84FECE968A8A5D44291E2FFA2980B6AD8FA678356CACB3B18C3AF5A4608732627F715CE3E65FA6140086E4077F91B30BAF378EF53DD
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="Microsoft.Expression.Interactions" processorArchitecture="msil" publicKeyToken="31BF3856AD364E35" version="4.5.0.0" />.. <file name="Microsoft.Expression.Interactions.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Interactivity" publicKeyToken="31bf3856ad364e35" version="

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):172432
                                                                                                Entropy (8bit):6.158842290551226
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:K4lSCWRKUHuWINNz5Q/97ukYOaXa9Jyj6zdupCa/UU95L:0PfINN1Q/9yaVc6zwpFvN
                                                                                                MD5:537272CF793E1FAA0D82D64F7EEAB1BF
                                                                                                SHA1:0C678D258C01A56D9ABB8B4B0CAA2B704B6AC4CB
                                                                                                SHA-256:ACA0BF6FD36FF90A704731156E34201C6778AF061D80A108CF9BAAB97C7274BE
                                                                                                SHA-512:3D1EAD0FA6BB5A838E87AD5ACF5BF930ACE2249C4B26572E2DBFABDA4DF27D7AB85D0C5E8A124D5EE88D26CED93C245523F2BF6B3B8A16DB93BE5E1656F8AE41
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..K...........!..................... ........... ...............................;....@.................................@...K.......0............................................................................ ............... ..H............text....~... ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B................p.......H........~......................P .......................................F.z..w..@R.re..../.oi.Y....Z2....3D<................u]W..:z....9.8.x.....j.......:.......z..o!.....!]Z.+.]f..1..y5..K..(%............o....}......{....o....}....*..{....*v.{....o).....o....u.........*2.{....o'...*2.{....o(...*2.{....o)...*6.{.....o....*6.{.....o....*6.{.....o ...*6.{.....o!...*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\Microsoft.Office.Tools.Word.v4.0.Utilities.dll.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1447
                                                                                                Entropy (8bit):5.139066941735575
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRv+7gePzq8+7vS6cVS6cHS6cf5b7cMKWS6To:3FYZ8h9ol+7gIb+foOARVdTo
                                                                                                MD5:A53017F5F171AA9194627A562BA5B25A
                                                                                                SHA1:8540AF867924CE1956BD523E270E3EA7E6EAB852
                                                                                                SHA-256:3FEC6148ECD81CA62AA4339FDD46A8E84D14F46B7167D6234CA65E21696FB113
                                                                                                SHA-512:B7752343DAFA3A2A967E43D81B99BEF7B0A7A00B90D7B507FD1210C9478418C41BDB0094F7077A0FFE0C611B89A8F26432151596CF34122CFA59A1FA87215C4C
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="Microsoft.Office.Tools.Word.v4.0.Utilities" processorArchitecture="msil" publicKeyToken="B03F5F7F11D50A3A" version="10.0.0.0" />.. <file name="Microsoft.Office.Tools.Word.v4.0.Utilities.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Forms" publicKeyToken="b77a5c561934e089

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):507904
                                                                                                Entropy (8bit):6.020085140253377
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:y6/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZ7:yyrSKMJR9aGs55T1X9Fwspi2tGpm
                                                                                                MD5:5DA17FA97FCE539C78E3018EE1C29CD0
                                                                                                SHA1:CFF12EDD4361FA5C310250EBAACBFC54274F00C8
                                                                                                SHA-256:92254CB54BBDD875F6950C2AFBFE17C001BBF7DCCD43D43EAFDB7D9BFEC35AFE
                                                                                                SHA-512:1F402EBE99CF95C55E9B524B91C9002A68F04F7F7D7A29E189C2226AD88E76BF18047B201C75DE805B4DCDE9830D765D705946B045937AA40D3E2E5465E5DCC5
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(..[.........." ..0.............&.... ........... ....................... ............@.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........d..0K............................................................{=...*..{>...*V.(?.....}=.....}>...*...0..;........u(.....,/(@....{=....{=...oA...,.(B....{>....{>...oC...*.*. ... )UU.Z(@....{=...oD...X )UU.Z(B....{>...oE...X*.0...........r...p......%..{=..........+.....+...-.q+........+...-.&.+...+...oF....%..{>..........,.....,...-.q,........,...-.&.+...,...oF....(G...*r...(....(H.....}......}....*JrG..p.......(I...*2.,...s....z*..{....*..(-.....}......}......}...

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\NAudio.dll.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1340
                                                                                                Entropy (8bit):5.08238158079054
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRZge4kvSkcMKWSspcHSkcVSkcf5bdTo:3FYZ8h9ofggVVpQGAXTo
                                                                                                MD5:93339CEE5FBBE87129FDD98DD8ED7EA1
                                                                                                SHA1:4C2B6E4E5D293A3621780FEC5F2C44FEC5C5B061
                                                                                                SHA-256:EBC2AC8B4E9FA4659449B550D981E995F49E8E86D64A2ED72D0B716549DEF6CF
                                                                                                SHA-512:51AEAD3AA749C3CD337E8E53BC3D91613C4296DDF1713583A461FCD99B990DCD4C329A4BB50719587D3F4544FDE2301C772C9192ED4A979075D0BEFAD7A9D60F
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="NAudio" processorArchitecture="msil" version="1.8.5.0" />.. <file name="NAudio.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Core" publicKeyToken="b77a5c561934e089" version="3.5.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Windows.Forms" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssem

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):55904
                                                                                                Entropy (8bit):6.299047178318044
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4
                                                                                                MD5:580244BC805220253A87196913EB3E5E
                                                                                                SHA1:CE6C4C18CF638F980905B9CB6710EE1FA73BB397
                                                                                                SHA-256:93FBC59E4880AFC9F136C3AC0976ADA7F3FAA7CACEDCE5C824B337CBCA9D2EBF
                                                                                                SHA-512:2666B594F13CE9DF2352D10A3D8836BF447EAF6A08DA528B027436BB4AFFAAD9CD5466B4337A3EAF7B41D3021016B53C5448C7A52C037708CAE9501DB89A73F0
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W."Q...........!.................... ........ ;. ...................................`.....................................K.......................`>..........H................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......,O...`..........pD......P ......................................g.=d.N:..K..=mU.....M......^.....@........h.pX..9.web.~M}.R9 l9..2.....1S...{^..Pn....8.6k...S.-.K..$uXpy....t.'.%u/...+VC6.(.....{....*...0..&........(..............s....o.....s....}....*...0..K........(.....{....o........,3..+&..( .........{.....o!............*..X...(....2.*..0..L........{.....o"...,=(#...(..................($...o%.......(&...o%.....('...s(...z*.0...........o).......E............d

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\System.Windows.Interactivity.dll.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1604
                                                                                                Entropy (8bit):5.0894783401686015
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRTigePnktQcxuQcvS6cVS6clQctpS6To:3FYZ8h9oogIBuOohe5To
                                                                                                MD5:68772808B79200DB14057ADA8A03C0C7
                                                                                                SHA1:75E84B0F2D5BF7FCC39CC36F9D5722591FD2705F
                                                                                                SHA-256:FFF0DDBDE5642F9D91A1C383E67835BB161B6D2D69BADF190DB93CCD8BC1B054
                                                                                                SHA-512:01AC896B6283303737A4D194ECD232468A422AFEC02F22BA286F2D7DD265FE151EA9B730ADBDAFD259A63A76C11176304E0BADD494516C6931FB0746D24A9F7F
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="System.Windows.Interactivity" processorArchitecture="msil" publicKeyToken="31BF3856AD364E35" version="4.5.0.0" />.. <file name="System.Windows.Interactivity.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="WindowsBase" publicKeyToken="31bf3856ad364e35" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="PresentationCore" publicKeyToken="31bf3856ad364e35" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />..

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):2652864
                                                                                                Entropy (8bit):6.388226828949231
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:C6WoBzse+/Z3hKdFIMxJIJYqhI5SHHsaeIT+u+cL9yfpSYO3j9wBA8jfWgP2kK6s:ZFTJFyHHsaeIgcLCpmj9wBkJ
                                                                                                MD5:CB2F1A014FC73297AD52BE4C37CD8E80
                                                                                                SHA1:2F5891FBDABCF1DEB94D00715DD27382851A7049
                                                                                                SHA-256:4E12D64D98E2CC817D852033A82497AFF6857D9204AA7CE593CC1BFE01E95197
                                                                                                SHA-512:9837744954C89D111C0547A3F6C566F557D255D220196012EA82E3CB492575EADDA1DEA56ED1DC0F85A25B163D03FCEF1F8E0851460E93163E1361E0F670C156
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......\.........." ..0..X(..........w(.. ........... ........................(.......)...@.................................xw(.S.....(..............b(.......(...................................................... ............... ..H............text....W(.. ...X(................. ..`.rsrc.........(......Z(.............@..@.reloc........(......`(.............@..B.................w(.....H........d .............DE..P...<d .....................................>..(......}....*.0..A........{.....{....o....+..{.....{.....o}...+.o....+..{.....{.....o}...*...>..(......}....*..{....*.0..4........{.....+ ..+..(....(.....+.}....+..,.+.+...+..o....*.0...........(....8.....(.....8.....{....o....o....8S....{.....{....o....o.....{.....{...........{..........o.....{.....{...........{..........o.....{.....{...........{..........o.....{.....{...........{..........o.....{....

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.WPF.dll.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2698
                                                                                                Entropy (8bit):5.032893369297872
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRwkgeP1udWqKvS6cMKWS6clQcxuQctQcVS6ciS6cWS6cBS6cf5b7cb:3FYZ8h9oKkgIioVdhupoFjCARe5QTo
                                                                                                MD5:C90151C32D07254B1182D57FE9955822
                                                                                                SHA1:57A870217C28052BEC203DDA4EAFA5EA5BF98D31
                                                                                                SHA-256:613F85AA26FB4BD8C0B8A5FDE62EA514DF09CA9F2E8FB55BCC2793F4C9671A1C
                                                                                                SHA-512:A06565BDDAF04E7279F5ABFC59DEECD9BAF803B73BEF555E0402F3E47AC33F8D30DD6F74376C7D4A5E457B0BD1BBDBC8B861CDAB370A87CC6EF967EB6ABA3448
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="TeeChart.Standard.WPF" processorArchitecture="msil" publicKeyToken="7D79220C74C907B6" version="4.2018.12.17" />.. <file name="TeeChart.Standard.WPF.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Core" publicKeyToken="b77a5c561934e089" version="4.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="PresentationFramework" publicKeyToken="31bf3856ad364e35" version="4.0.0.0" />.. </de

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):3752128
                                                                                                Entropy (8bit):6.377779143417661
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:9uP96XJFC+yIo9o5sFlXT80p3dyjIjKffy2FV6HS2L0qP8hJ6dXXT/xjHHsao9PK:9HyIxKHHsao9CI2
                                                                                                MD5:D82F1623BC03A26073D25E6D531686A8
                                                                                                SHA1:96A92F0297E703C256D6E2B9A25792B42B991E03
                                                                                                SHA-256:1299ADCE2AE24CFCF025764128722577D8C7E85A3404C938FF5BFE4491F4BD23
                                                                                                SHA-512:E002026128D4FF059854B8CC151E3D1A8A6BC62057E83DF978137CCDB801CB2C02C63B6B8B36C3FDD1B044055F4A9C77142B0680D81E31E3A28389DBF896B428
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......\.........." ..0...9..........29.. ........ B. ........................9.....j-:...@..................................19.O....@9..............(9......`9...................................................... ............... ..H............text.....9.. ....9................. ..`.rsrc........@9.......9.............@..@.reloc.......`9......&9.............@..B.................19.....H........#...............q......X#........................................{....*"..}....*.....{....*"..}....*.....{....*"..}....*.....+...(......(....+.(....+...(....*.:.(......}....*...{....*"..}....*....0..F........+3..+...+...}....+.}....+....}....+.}....+....}....+.(....+....}....*....{....*..{....*"..}....*.....{....*"..}....*.....{....*"..}....*.....{....*"..}....*.....{....*"..}....*....0............8.......8..... .'..(.'..+c.r...p}......} .....}!.....}'.....{....(K"..

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\TeeChart.Standard.dll.genman

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2143
                                                                                                Entropy (8bit):5.050151795862494
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:JdFYZ8h9onRw5geP1udWq1vSkcZdcVSkcf5bdcTdcHSkciSkcBSkcfzdTo:3FYZ8h9oK5gIizOGAXmQDsABTo
                                                                                                MD5:D184ED12D2711C498A7782B001D8CC32
                                                                                                SHA1:91B7D6BE2238341E1B965CB0BC0D6AFDB4461765
                                                                                                SHA-256:B7BF3E123BB5678DE57054379E4CB1F9B54801321DF13839EFFB40EE7EC3A04D
                                                                                                SHA-512:900B2CE9BC151E05ED531E9EA1A00F1C159A8859B6A5B3D485EE9419E41C649DB079162B394EA57969B045B2E630745B2BA403F72B895AE3554EBB0869769E4C
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="TeeChart.Standard" processorArchitecture="msil" publicKeyToken="7D79220C74C907B6" version="4.2018.12.17" />.. <file name="TeeChart.Standard.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Web" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </de

                                                                                                C:\Users\user\AppData\Local\Temp\Deployment\Z3AMQ27M.OL5\VJKVR2K8.GZT\noptel_logo_12d.ico

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:MS Windows icon resource - 1 icon, -86x-116, 32 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):98622
                                                                                                Entropy (8bit):2.7195991793490504
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:+6OTQIjQwjQwjQwjQwVQwVQwVQwVQKQyQqQ+Q2QaQaQcQEQEQfsQaWQ9QEQgQgQR:
                                                                                                MD5:5C19A250AB86C3C63D97359B84A10561
                                                                                                SHA1:F5A41D4BAF8A269ACC402B5A279C88AD8BA33BBD
                                                                                                SHA-256:0C791E3BD506C7EC9184D31830CBC660F440341F20135950C2A7762AC95D95B4
                                                                                                SHA-512:5809B67AF57435C5030B508C11A8922411F7C08C2BC1345C51D70461BF18E9223931B4792E78D33AADBA427F33721074A525447C06287F2DC4505533A752A4ED
                                                                                                Malicious:false
                                                                                                Preview:............ .(.......(............. ......s............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Temp\VSDC16E.tmp\install.log

                                                                                                Download File
                                                                                                Process:C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):6168
                                                                                                Entropy (8bit):3.6601550688132165
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:kl82sPbb1YR+dLko8r19QDEsoJOQDUl8AkTqDpqDfiEiJih0kDdGihKFTaA1kx8E:s85/rmfsxv8At9Y+SuBimysxK8An6HC
                                                                                                MD5:C26E5E15747C73332430027BBF828FD6
                                                                                                SHA1:B117D3386F5BBD205D6E7B4F97929DC2598FCBC6
                                                                                                SHA-256:36B181C0D064DD5EA01777F0FE0228550DF9D8C3D605ABD8D5330E1B93A4D051
                                                                                                SHA-512:51588E3E685E9AD2E4FAD6AACFD8A4947EA57CC4A41AE882B1BB6AF8F2AC6F74BE4B3C98AFDD95B2C9422A75CDFD43FAB90157D5A6AE2999F7AA80961F1BEC94
                                                                                                Malicious:false
                                                                                                Preview:T.h.e. .f.o.l.l.o.w.i.n.g. .p.r.o.p.e.r.t.i.e.s. .h.a.v.e. .b.e.e.n. .s.e.t.:.....P.r.o.p.e.r.t.y.:. .[.A.d.m.i.n.U.s.e.r.]. .=. .t.r.u.e. .{.b.o.o.l.e.a.n.}.....P.r.o.p.e.r.t.y.:. .[.I.n.s.t.a.l.l.M.o.d.e.]. .=. .H.o.m.e.S.i.t.e. .{.s.t.r.i.n.g.}.....P.r.o.p.e.r.t.y.:. .[.N.T.P.r.o.d.u.c.t.T.y.p.e.]. .=. .1. .{.i.n.t.}.....P.r.o.p.e.r.t.y.:. .[.P.r.o.c.e.s.s.o.r.A.r.c.h.i.t.e.c.t.u.r.e.]. .=. .A.M.D.6.4. .{.s.t.r.i.n.g.}.....P.r.o.p.e.r.t.y.:. .[.V.e.r.s.i.o.n.N.T.]. .=. .1.0...0...0. .{.v.e.r.s.i.o.n.}.....R.u.n.n.i.n.g. .c.h.e.c.k.s. .f.o.r. .p.a.c.k.a.g.e. .'.M.i.c.r.o.s.o.f.t. ...N.E.T. .F.r.a.m.e.w.o.r.k. .4...6...1. .(.x.8.6. .a.n.d. .x.6.4.).'.,. .p.h.a.s.e. .B.u.i.l.d.L.i.s.t.....R.e.a.d.i.n.g. .v.a.l.u.e. .'.R.e.l.e.a.s.e.'. .o.f. .r.e.g.i.s.t.r.y. .k.e.y. .'.H.K.L.M.\.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.N.E.T. .F.r.a.m.e.w.o.r.k. .S.e.t.u.p.\.N.D.P.\.v.4.\.F.u.l.l.'.....R.e.a.d. .i.n.t.e.g.e.r. .v.a.l.u.e. .5.2.8.3.7.2.....S.e.t.t.i.n.g. .v.a.l.u.e. .'.5.2.8.3.7.2. .{.i.n.

                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software online support.url

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:Generic INItialization configuration [InternetShortcut]
                                                                                                Category:dropped
                                                                                                Size (bytes):147
                                                                                                Entropy (8bit):5.045357358908461
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:jvnow32/0S4+74ZbABGQYm/0S4+7430GKbycAI4/E4ovy:j/owm/r4+74lFVm/r4+74gyc8Elvy
                                                                                                MD5:BB7C7635CABB98B638CE0BD4D5760A00
                                                                                                SHA1:E60B146BD624026BFC1D50D54C9FA2E65C273663
                                                                                                SHA-256:6D06F781AB4458AB4BF0E9EDBFAB994A023138EF83782F5AD2A3FC999D4D6F24
                                                                                                SHA-512:E2EDA0D71B16DB6948D6721EBB3196D5C688E04C42755796395C3FA40A92998F3A5C5594A49E93CA3B261D14BD27E227A91764B98840054591BAEC135E105165
                                                                                                Malicious:false
                                                                                                Preview:[Default]..BASEURL=http://www.noptel.fi/..[InternetShortcut]..URL=http://www.noptel.fi/....IconFile=C:\Windows\system32\dfshim.dll..IconIndex=0....

                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noptel Oy\LRF Demonstration Software.appref-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):466
                                                                                                Entropy (8bit):3.459454743009143
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:QKOKtJjJ7GfwETN3VEuSCsEu162l3el6PMTMlWlKURWe:QKl1GfwE53VE5EYNca6kWQUwe
                                                                                                MD5:B6A407931728745C5F788994F4AB0C99
                                                                                                SHA1:F11C240ACBA9F2A61860953297870C3E0EB1DF28
                                                                                                SHA-256:744A66309CAAD0C225DDB50AA3CB5C70230DE237AE6591F0D8D75A433F85070C
                                                                                                SHA-512:2DA61B25614E5CC872CEEE0AD5AC484F59BC97970DD701F78DDFF54D7AF18B7F37C8432BB8CAC43AF218CFA728A903D8697AB5F7EA193146F5EF69AA3421BFEF
                                                                                                Malicious:false
                                                                                                Preview:..f.i.l.e.:./././.C.:./.U.s.e.r.s./.c.a.l.i./.D.e.s.k.t.o.p./.L.R.F.-.D.e.m.o.n.s.t.r.a.t.i.o.n.-.S.o.f.t.w.a.r.e.-.2...0...0...4./.2...0...0...4./.L.R.F.%.2.0.D.e.m.o.n.s.t.r.a.t.i.o.n.%.2.0.S.o.f.t.w.a.r.e...a.p.p.l.i.c.a.t.i.o.n.#.L.R.F. .D.e.m.o.n.s.t.r.a.t.i.o.n. .S.o.f.t.w.a.r.e...a.p.p.l.i.c.a.t.i.o.n.,. .C.u.l.t.u.r.e.=.n.e.u.t.r.a.l.,. .P.u.b.l.i.c.K.e.y.T.o.k.e.n.=.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.,. .p.r.o.c.e.s.s.o.r.A.r.c.h.i.t.e.c.t.u.r.e.=.m.s.i.l.

                                                                                                C:\Users\user\Desktop\-\diagnostics data\-_-0_20241001_09.13.00.dsp

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):21
                                                                                                Entropy (8bit):3.141619208183979
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:1MMz69sn:x2C
                                                                                                MD5:66EAC0776FC1549BD6C5053B6CF55BF0
                                                                                                SHA1:FC14DE3D2BBEE2AD2A58AD4F967A03DEDD21C2D6
                                                                                                SHA-256:07D27204DD709569D63F1EB48C74F5D099DA57E8D2A799B01FDF74C1A18A4A1D
                                                                                                SHA-512:75D3B7DFD575EAA03D28C5AE4ACD730014AEAC28E074DD87FA272E4B62178139A817FB0663F0A9021C450563747727FB719343A65E9DB9E709E92D56770E7359
                                                                                                Malicious:false
                                                                                                Preview:01/10/2024 09:13:00..

                                                                                                C:\Users\user\Desktop\LRF Demonstration Software.appref-ms

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):466
                                                                                                Entropy (8bit):3.459454743009143
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:QKOKtJjJ7GfwETN3VEuSCsEu162l3el6PMTMlWlKURWe:QKl1GfwE53VE5EYNca6kWQUwe
                                                                                                MD5:B6A407931728745C5F788994F4AB0C99
                                                                                                SHA1:F11C240ACBA9F2A61860953297870C3E0EB1DF28
                                                                                                SHA-256:744A66309CAAD0C225DDB50AA3CB5C70230DE237AE6591F0D8D75A433F85070C
                                                                                                SHA-512:2DA61B25614E5CC872CEEE0AD5AC484F59BC97970DD701F78DDFF54D7AF18B7F37C8432BB8CAC43AF218CFA728A903D8697AB5F7EA193146F5EF69AA3421BFEF
                                                                                                Malicious:false
                                                                                                Preview:..f.i.l.e.:./././.C.:./.U.s.e.r.s./.c.a.l.i./.D.e.s.k.t.o.p./.L.R.F.-.D.e.m.o.n.s.t.r.a.t.i.o.n.-.S.o.f.t.w.a.r.e.-.2...0...0...4./.2...0...0...4./.L.R.F.%.2.0.D.e.m.o.n.s.t.r.a.t.i.o.n.%.2.0.S.o.f.t.w.a.r.e...a.p.p.l.i.c.a.t.i.o.n.#.L.R.F. .D.e.m.o.n.s.t.r.a.t.i.o.n. .S.o.f.t.w.a.r.e...a.p.p.l.i.c.a.t.i.o.n.,. .C.u.l.t.u.r.e.=.n.e.u.t.r.a.l.,. .P.u.b.l.i.c.K.e.y.T.o.k.e.n.=.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.,. .p.r.o.c.e.s.s.o.r.A.r.c.h.i.t.e.c.t.u.r.e.=.m.s.i.l.

                                                                                                C:\Users\user\Pictures\20241001_09.13.33----.0.png

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe
                                                                                                File Type:PNG image data, 877 x 462, 8-bit/color RGBA, non-interlaced
                                                                                                Category:dropped
                                                                                                Size (bytes):8673
                                                                                                Entropy (8bit):7.385062921845818
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:XQwBNDtDGy6EFNyoGUsbEtcfEzqC/M/CVLFxYQFga:PTtDD1PxVt53xY2
                                                                                                MD5:2267D5D2C0B2B93F8056F9ED6D86CA30
                                                                                                SHA1:D5C380A83F2AB4FFBD63F7D82B2B01033365BDB7
                                                                                                SHA-256:F9F51204CB230DC9ADD8E49790E82F6CFBA019D06254059C130A72B661A58043
                                                                                                SHA-512:AF27A8636C3A80698A02A2F13382728C7374A2198C542CED2E00833228C18266140D8ABD11D9D9C9A9E99CDAAE0E5E25FF2DC8D6FAB5E05E20FA9601256C3B69
                                                                                                Malicious:false
                                                                                                Preview:.PNG........IHDR...m................sRGB.........gAMA......a.....pHYs..........o.d..!vIDATx^..n#Y...4e.......y.L.`...0..@.B..r..&.....6q.....:.A.:<U..QK.....L......N..........a..a..a..F.o......zM.....%......m.....6....D...@`.... 0......h....L.....&......m.....6....D...@`.... 0......h....L.....&......m.....6....D...@`.....8...o;...u.~...z...g..v.............._.x8.....\_o.v.k..j.y/~....]Z...Z...5...w....g........n.6.C).~+........l.n{...v.W........~=.]...^..w.......sm...X..t.b.}..W.u...m:.......H.}.m.e.o\.7....r...?~.....<..8.........:j..z}{^..n..K..[...._...\.........--.hm....c...6.2.g...|_..U.n.....+.^.M...um...q.ow..W..?.-...T.{....m.s...D.|%...-.4.g&.+.......m[......m..;....4l.......X[U....g......4.=...&.......ay..zL.7.x#|.......w..h...|}K6].x..^.e.l.~.|...........6...7..l..of....30.~_>...s.....{.......q...o7.}>...3.-...9.D..{'....P_.i.../......v...F....u\...v..|K.4~?............[...^..|..........H..D.....,.._Z.~..M...A^.....u......

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                Entropy (8bit):7.998636955354573
                                                                                                TrID:
                                                                                                • ZIP compressed archive (8000/1) 99.91%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.09%
                                                                                                File name:LRF-Demonstration-Software-2.0.0.4.zip
                                                                                                File size:5'558'595 bytes
                                                                                                MD5:5227c7472490433f23661011d1822fca
                                                                                                SHA1:916a590cb230db87ee2158275267efe801033d20
                                                                                                SHA256:a798a77a7983a3962be5a295f0a5858a36872d1b684b3d13e3e69b1d8b0259b0
                                                                                                SHA512:eb9a23771bd3392b7de09fc9b5a99079f6f3413ebc14df3c47f0213efc548c78dff6ca6ec4ae4b8811574a43c575c842e50c4c59cb468a4e9bc3332704d8e8a7
                                                                                                SSDEEP:98304:ED2USNd6S1rbxwmVk9X/QNAFhZUFy16DqEImh5T+Q1w0eS71:ED2vNkSxbxLVsX/QWWJImr62veS5
                                                                                                TLSH:AB4633E7ACB325EFF46B02BC9128D16DD4E506B9F38EF1E4A6204A21BB4D1374312597
                                                                                                File Content Preview:PK........fi3Y................2.0.0.4/PK.........h3Y................2.0.0.4/Application Files/PK........fi3Y............=...2.0.0.4/Application Files/LRF Demonstration Software_2_0_0_4/PK........ei3Ykt10........c...2.0.0.4/Application Files/LRF Demonstrat

                                                                                                File Icon

                                                                                                Icon Hash:1c1c1e4e4ececedc

                                                                                                Network Behavior

                                                                                                No network behavior found

                                                                                                Statistics

                                                                                                CPU Usage

                                                                                                Click to jump to process

                                                                                                Memory Usage

                                                                                                Click to jump to process

                                                                                                High Level Behavior Distribution

                                                                                                Click to dive into process behavior distribution

                                                                                                Behavior

                                                                                                Click to jump to process

                                                                                                System Behavior

                                                                                                General

                                                                                                Target ID:0
                                                                                                Start time:09:12:22
                                                                                                Start date:01/10/2024
                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                Imagebase:0x7ff677980000
                                                                                                File size:71'680 bytes
                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:10
                                                                                                Start time:09:12:37
                                                                                                Start date:01/10/2024
                                                                                                Path:C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\setup.exe"
                                                                                                Imagebase:0x850000
                                                                                                File size:820'736 bytes
                                                                                                MD5 hash:FDD0AB2ED66CC4DB2410048204A366F0
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:11
                                                                                                Start time:09:12:38
                                                                                                Start date:01/10/2024
                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                Imagebase:0x207eb5b0000
                                                                                                File size:24'856 bytes
                                                                                                MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:12
                                                                                                Start time:09:12:46
                                                                                                Start date:01/10/2024
                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
                                                                                                Imagebase:0xba0000
                                                                                                File size:2'933'248 bytes
                                                                                                MD5 hash:B925F79742799809616184C9F7F433F9
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:15
                                                                                                Start time:09:13:07
                                                                                                Start date:01/10/2024
                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\user\Desktop\LRF-Demonstration-Software-2.0.0.4\2.0.0.4\LRF Demonstration Software.application
                                                                                                Imagebase:0x7ff677980000
                                                                                                File size:71'680 bytes
                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:16
                                                                                                Start time:09:13:08
                                                                                                Start date:01/10/2024
                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q8RBY9WD.CWT\05N1XM83.TV3\lrfd..tion_0000000000000000_0002.0000_a6c481c8d3f3a109\LRF Demonstration Software.exe"
                                                                                                Imagebase:0x1f0000
                                                                                                File size:2'933'248 bytes
                                                                                                MD5 hash:B925F79742799809616184C9F7F433F9
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                Disassembly

                                                                                                No disassembly