Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Broker_Service_x64.msi

Overview

General Information

Sample name:Broker_Service_x64.msi
Analysis ID:1529042
MD5:2d8222e63cc0a2d86d80a57d26347c84
SHA1:8d762e32f294bc971873f031027393520ac0161d
SHA256:991636b9ba9a4a528e0267de74cad67012fe031dc5b859a9a7a32a1303b90dd8
Infos:

Detection

Score:30
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Modifies Internet Explorer zone settings
Modifies Internet Explorer zonemap settings
Query firmware table information (likely to detect VMs)
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 648 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Broker_Service_x64.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • svchost.exe (PID: 3576 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 5640 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • msiexec.exe (PID: 5096 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6756 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 61840644E35B0012964490F7155C79A4 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6596 cmdline: C:\Windows\System32\MsiExec.exe -Embedding F4607A9CFBE627DAA7B1AF4F0A87DD4D C MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3452 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 7D00F72EBD1F03FE2BA91EB00E79F5F2 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 4036 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 40FEA25D10AEAC450300A64B6E69AD51 MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2056 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E5BAB935B9E62F5EF499449BA355B5C1 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • wevtutil.exe (PID: 2980 cmdline: "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man" MD5: 3C0E48DA02447863279B0FE3CE7FE5E8)
        • conhost.exe (PID: 1792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wevtutil.exe (PID: 2412 cmdline: "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man" /fromwow64 MD5: 1AAE26BD68B911D0420626A27070EB8D)
      • wevtutil.exe (PID: 6332 cmdline: "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man" MD5: 3C0E48DA02447863279B0FE3CE7FE5E8)
        • conhost.exe (PID: 6276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wevtutil.exe (PID: 5580 cmdline: "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man" /fromwow64 MD5: 1AAE26BD68B911D0420626A27070EB8D)
      • wevtutil.exe (PID: 7080 cmdline: "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man" MD5: 3C0E48DA02447863279B0FE3CE7FE5E8)
        • conhost.exe (PID: 1292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wevtutil.exe (PID: 6836 cmdline: "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man" /fromwow64 MD5: 1AAE26BD68B911D0420626A27070EB8D)
      • sc.exe (PID: 3256 cmdline: "C:\Windows\SysWOW64\sc.exe" sidtype CitrixBrokerService unrestricted MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
        • conhost.exe (PID: 3260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • BrokerService.exe (PID: 5328 cmdline: "C:\Program Files\Citrix\Broker\Service\BrokerService.exe" -Upgrade MD5: CB044A172BFC56F40916FDDFB0381694)
        • conhost.exe (PID: 6472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RegisterPlugins.exe (PID: 3636 cmdline: "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -Pipeline "C:\Program Files\Citrix\Broker\Service\Pipeline\" MD5: 42B1415948404168E021518E8A5EE683)
        • conhost.exe (PID: 2712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RegisterPlugins.exe (PID: 4188 cmdline: "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\" MD5: 42B1415948404168E021518E8A5EE683)
        • conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RegisterPlugins.exe (PID: 1792 cmdline: "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachine\v2.5.0.0\" MD5: 42B1415948404168E021518E8A5EE683)
        • conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 6468 cmdline: C:\Windows\System32\MsiExec.exe -Embedding B57FEBC80AACA307814E81531C396CA3 E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)
  • svchost.exe (PID: 5064 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5428 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 4340 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 2916 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 7044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 5260 cmdline: C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 3924 cmdline: C:\Windows\system32\svchost.exe -k LocalService -s W32Time MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 4260 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • BrokerService.exe (PID: 4456 cmdline: "C:\Program Files\Citrix\Broker\Service\BrokerService.exe" MD5: CB044A172BFC56F40916FDDFB0381694)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files\Citrix\Broker\Service\RestSharp.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

        Sigma Signatures

        Sigma detected: Modification of IE Registry Settings
        Source: Registry Key setAuthor: frack113: Data: Details: , EventID: 13, EventType: SetValue, Image: C:\Program Files\Citrix\Broker\Service\BrokerService.exe, ProcessId: 4456, TargetObject: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\(Default)
        Sigma detected: Windows Processes Suspicious Parent Directory
        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, ProcessId: 3576, ProcessName: svchost.exe

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results
        Source: ccauthcpp_dynamic.dll.4.drBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_16f64683-e
        Source: C:\Windows\System32\msiexec.exeWindow detected: WixUI_Bmp_DialogI &accept the terms in the License Agreement&Print&Back&InstallCancelCITRIX LICENSE AGREEMENTUse of this component is subject to the Citrix license or terms of service covering the Citrix product(s) and/or service(s) with which you will be using this component. This component is licensed for use only with such Citrix product(s) and/or service(s).CTX_code EP_R_A10352779Please read the Citrix Broker Service License Agreement
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CitrixJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\BrokerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\ServiceJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\PipelineJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdaptersJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\UpdateScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\deJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\esJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\frJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\jaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\zh-CNJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ImportScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\CitrixJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPluginsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\HypervisorJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMwareJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMMJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWSJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachineJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachine\v2.5.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ThirdPartyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ThirdParty\v2.5.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\CitrixMachineCreationJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\CitrixMachineCreation\v1.0.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\32Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\32\ccauthcpp_dynamic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\64Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\64\ccauthcpp_dynamic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ActiveDirectory.SiteManagement.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ADIdentityInterService.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.manJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\amd64Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\amd64\libccauth.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Authentication.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Avro.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Aws.Batcher.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSPlugin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EBS.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EC2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.IdentityManagement.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.S3.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.SecurityToken.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Azure.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Azure.Identity.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Setup ScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Setup Scripts\BackupDesktopServerKeys.ps1Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BaseDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BouncyCastle.Cryptography.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerAdminQuery.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerAdminService.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerCde.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerCdeLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerComponentCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerComponent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerEnvTests.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.manJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerFiltering.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerSDKDefinition.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerSDKLogic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerService.exe.config.origJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerServiceEventLogResources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerService.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerServiceSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Castle.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Castle.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Castle.Windsor.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CbpConstants.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CbpControllerSdk.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CbpTypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CdeEvents.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CdeLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Diagnostics.Tracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Networking.WebSocket.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Networking.WebSocket.pdbJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.Authentication.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViewsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.NgsTunnel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.EnumCache.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utils.Strings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ADIdentity.DataModel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Base.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Broker.CasCommandQueuePayload.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.Classic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseContracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Core.Api.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Diagnostics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Monitoring.ApplicationInsights.Shared.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Redis.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Security.CCAuth.Managed.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.Configuration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Trust.Api.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Utilities.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigLogging.Wcf.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigurationLogging.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Configuration.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.DelegatedAdmin.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Monitor.BrokerCodes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DelegatedAdminInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCore.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.Utilities.Sids.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Host.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.HostView.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IconConverter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Utilities.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.MachineCreationAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.HostView.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachinePluginFinder.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Broker.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceHosting.WindowsServiceHostingApi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceLocator.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Trust.Library.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasConfigClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasEventHubClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.AspNet.CitrixCloud.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.AspNet.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.CitrixCloudCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Profiles.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.CasDispatcher.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cdf.Net.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.AclStore.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Grpc.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.VirtualSiteRegistry.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Common.Headers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Exporter.NewRelic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Exporter.Cas.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Tc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.WebSocket.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Http.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Client.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Logging.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Posh.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Retry.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Signer.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Tenancy.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Tenancy.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.EnumCache.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Collections.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.DateTime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Dynamic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Events.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Minimatch.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Networking.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Objectpool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Reflection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Retry.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.SecretBuffer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Serialization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Strings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\ContractsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.Xaxd.Utils.Strings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.StrongName.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Uri.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Windows.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\deJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\de\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\esJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\es\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\frJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\fr\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\jaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\ja\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\zh-CNJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\zh-CN\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\CloudCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ComponentInterface.Constants.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ComponentInterface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ConfigLoggingSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Setup Scripts\ConfigureHighAvailabilityService.ps1Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControllerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControllerInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\CookComputing.XmlRpcV2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CredentialSecurity64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\csJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CtxAdmin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CtxMcp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CtxSta.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\CustomProvisioningCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ImportScripts\Default.zipJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DelegatedAdminSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DnsIpSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DocumentFormat.OpenXml.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\UpdateScripts\downgrade_site_7.41.1100.0-7.41.100.0.xduJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\EventLogCodeGenHelper.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\EventLog.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaAbstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaCommandLine.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaCommandQueues.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaCommonEnvTests.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClientInterService.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingShared.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDalAttributes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDalExceptions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDalRuntime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDependencyInjection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaEnv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaEnv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaEnvTestInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaEnv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaEventLog.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaFeature.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaFeature.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaFiltering.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaFilteringSdkSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaIdentity.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaIdentity.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Interface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaLogging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaLogging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaPlugin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaProductInfo.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaRegistry.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaRegistry.Interface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSchemaProbeDal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSchemaTools.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryption.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryptionManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.DelegatedAdmin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Features.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Ism.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.KeySharing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceDiscovery.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceRegistration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Settings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.Interface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteProvider.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceControlInterface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaServiceStatus.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceStatus.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSiteServices.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSiteServicesSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSqlScriptBuilder.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSqlUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaTransactionScope.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FMAUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaWcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Google.Api.CommonProtos.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Google.Protobuf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpAnalyzer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpContracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpDocument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpfxSettings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpXmlSchema.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x86.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Core.Api.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Net.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Net.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Contracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.TlsCertificateVerification.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.TlsCertificateVerification.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.manJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControlScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControlScripts\HighAvailabilityServiceControl.psm1Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HighAvailabilityServiceEventLogResources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HostingManagementComponent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HypervisorCommunicationsLibrary.AddInSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdaptersJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.HypervisorCommunicationsLibrary.HostSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\i386Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\i386\libccauth.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IBrokerAdminQuery.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IBrokerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IBrokerDALInternal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IControllerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IControllerDALInternal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ICwcSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IDnsIpSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IEdgeProxySupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ILeasingControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfigurationJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfiguration\InstanceTypes.xmlJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfiguration\InstanceTypes.xsdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Interop.GPMGMTLib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Interop.NetFwTypeLib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\iobfuncdll.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ISdkLogic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ISecondaryBrokerControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\itJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\koJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\LhcUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Licensing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\LicPolEng.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.ManagedMachineAPI.AddInSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.ManagedMachineAPI.HostSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Microsoft.Bcl.AsyncInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.Logging.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.ObjectPool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Microsoft.Extensions.ObjectPool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.ApplicationInsights.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Features.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.SystemWebAdapters.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.WebKey.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Services.AppAuthentication.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Blob.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.AsyncInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.HashCode.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Edm.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.OData.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Services.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.arm64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x86.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Tools.Sql.BatchParser.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.Cab.dllJump to behavior
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\logging\cdf_sharp\win\anycpu-release__\obj\release\net472\Citrix.Diagnostics.Tracing.pdb source: BrokerService.exe, 0000001D.00000002.1915055457.00000194AB472000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\assembly_resolver\anycpu-release__\obj\release\net472\Citrix.Xaxd.Utilities.AssemblyResolver.pdb source: BrokerService.exe, 0000001D.00000002.1909505618.00000194911D2000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\RemoteHCLClient\anycpu-release__\obj\release\net472\RemoteHCLClient.pdb(} source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Libraries\Cbp\CbpControllerSdk\anycpu-release__\obj\release\net472\CbpControllerSdk.pdb source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\LhcUtils\anycpu-release__\obj\release\net472\LhcUtils.pdb source: BrokerService.exe, 0000001D.00000002.1909945480.0000019491282000.00000002.00000001.01000000.0000000F.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\BrokerComponent\anycpu-release__\obj\release\net472\BrokerComponent.pdb source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmp
        Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb62P2 B2_CorDllMainmscoree.dll source: BrokerService.exe, 0000001F.00000002.2549401679.000002544F472000.00000002.00000001.01000000.00000036.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaSids\anycpu-release__\obj\release\net472\Citrix.Fma.Sdk.Utilities.Sids.pdb source: BrokerService.exe, 0000001F.00000002.2555275324.0000025451652000.00000002.00000001.01000000.00000046.sdmp
        Source: Binary string: Microsoft.Data.SqlClient.SNI.pdb source: Microsoft.Data.SqlClient.SNI.x64.dll.4.dr, Microsoft.Data.SqlClient.SNI.x86.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\Wpnbr\anycpu-release__\obj\release\net472\Wpnbr.pdbQ source: BrokerService.exe, 0000001D.00000002.1917130914.00000194AB772000.00000002.00000001.01000000.00000030.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxAdmin\anycpu-release__\obj\release\net472\CtxAdmin.pdb source: BrokerService.exe, 0000001D.00000002.1916802918.00000194AB6C2000.00000002.00000001.01000000.0000002C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.ServiceRegistration\anycpu-release__\obj\release\net472\FmaServiceCommon.ServiceRegistration.pdb source: BrokerService.exe, 0000001F.00000002.2555021751.0000025451632000.00000002.00000001.01000000.00000045.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ICwcSupport\anycpu-release__\obj\release\net472\ICwcSupport.pdbX4r4 d4_CorDllMainmscoree.dll source: ICwcSupport.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\GroupPolicy\GpAnalyzer\Analyzer\anycpu-release__\obj\release\net472\GpAnalyzer.pdbH source: GpAnalyzer.dll.4.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Rest.ClientRuntime\Release\net461\Microsoft.Rest.ClientRuntime.pdbSHA256TS- source: Microsoft.Rest.ClientRuntime.dll.4.dr
        Source: Binary string: X:\src\HelperPackages\Bootstrap\Bootstrap_CA\wh32\retail\vc80\static\bootstrap_ca.pdbH source: MSIDD31.tmp.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\XmlMultiplexer\anycpu-release__\obj\release\net472\XmlMultiplexer.pdb source: BrokerService.exe, 0000001D.00000002.1916476987.00000194AB682000.00000002.00000001.01000000.00000029.sdmp
        Source: Binary string: /_/obj/src/Microsoft/SqlServer/Management/CollectorEnum/Release/net462/Microsoft.SqlServer.Management.CollectorEnum.pdb source: Microsoft.SqlServer.Management.CollectorEnum.dll.4.dr
        Source: Binary string: Microsoft.Data.SqlClient.SNI.pdbGCTL source: Microsoft.Data.SqlClient.SNI.x64.dll.4.dr, Microsoft.Data.SqlClient.SNI.x86.dll.4.dr
        Source: Binary string: T:\altsrc\github\grpc\workspace_csharp_ext_windows_x64\cmake\build\x64\grpc_csharp_ext.pdb source: grpc_csharp_ext.x64.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaRegistry.Interface\anycpu-release__\obj\release\netstandard2.0\FmaRegistry.Interface.pdbL6f6 X6_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1910001253.0000019491292000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxMcp\anycpu-release__\obj\release\net472\CtxMcp.pdb source: BrokerService.exe, 0000001D.00000002.1917548815.00000194ABA52000.00000002.00000001.01000000.00000032.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\DiscUtils\src\anycpu-release__\obj\release\net472\DiscUtils.pdb source: DiscUtils.dll4.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSite\anycpu-release__\obj\release\net472\FmaServiceCommon.VirtualSite.pdb source: BrokerService.exe, 0000001F.00000002.2554388742.00000254515D2000.00000002.00000001.01000000.00000042.sdmp, FmaServiceCommon.VirtualSite.dll.4.dr
        Source: Binary string: c:\projects\nlog\NLog.ManualFlush\obj\Release\NLog.ManualFlush.pdb source: NLog.ManualFlush.dll.4.dr
        Source: Binary string: C:\jenkins\workspace\AuthX\Build-Custom\Build-CCAuthCpp-Master\cmake_windows_32\src\Release\ccauthcpp_dynamic.pdb source: ccauthcpp_dynamic.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEnv\anycpu-release__\obj\release\netstandard2.0\FmaEnv.pdb source: BrokerService.exe, 0000001D.00000002.1912083012.00000194AB262000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Principal.Windows/net461-Windows_NT-Release/System.Security.Principal.Windows.pdb source: BrokerService.exe, 0000001F.00000002.2555493326.0000025451972000.00000002.00000001.01000000.00000047.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\CDE\BrokerCdeLibrary\anycpu-release__\obj\release\net472\BrokerCdeLibrary.pdb source: BrokerService.exe, 0000001D.00000002.1909749981.0000019491232000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdbSHA256) source: BrokerService.exe, 0000001D.00000002.1912129198.00000194AB272000.00000002.00000001.01000000.00000013.sdmp, System.ServiceProcess.ServiceController.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\SDK\BrokerAdminService\anycpu-release__\obj\release\net472\BrokerAdminService.pdb source: BrokerAdminService.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\RemoteHCLClient\anycpu-release__\obj\release\net472\RemoteHCLClient.pdb source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp
        Source: Binary string: Citrix.Networking.WebSocket.pdb.7818E375_CB2C_4E80_99E7_4C40D0D5718B source: Broker_Service_x64.msi
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\distributed_tracing\exporter\newrelic\anycpu-release__\obj\release\net472\Citrix.Xaxd.DistributedTracing.Exporter.NewRelic.pdb source: Citrix.Xaxd.DistributedTracing.Exporter.NewRelic.dll.4.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Principal.Windows/net461-Windows_NT-Release/System.Security.Principal.Windows.pdbSHA256zqXL source: BrokerService.exe, 0000001F.00000002.2555493326.0000025451972000.00000002.00000001.01000000.00000047.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.KeySharingInterfaces\anycpu-release__\obj\release\net472\Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.pdb source: Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.dll.4.dr
        Source: Binary string: C:\jenkins\workspace\CitrixCloud\Build\Src\Logging\obj\Release\netstandard2.0\Citrix.CloudServices.Logging.pdb source: Citrix.CloudServices.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaRegistry.Interface\anycpu-release__\obj\release\netstandard2.0\FmaRegistry.Interface.pdb source: BrokerService.exe, 0000001D.00000002.1910001253.0000019491292000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\DistributedTracing\anycpu-release__\obj\release\netstandard2.0\Citrix.Fma.Sdk.DistributedTracing.pdb source: BrokerService.exe, 0000001D.00000002.1914666070.00000194AB422000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\DAL\IBrokerDAL\anycpu-release__\obj\release\net472\IBrokerDAL.pdb source: IBrokerDAL.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.ManagedMachineAPI\anycpu-release__\obj\release\net472\Citrix.ManagedMachineAPI.pdb source: BrokerService.exe, 0000001F.00000002.2553794425.0000025450D72000.00000002.00000001.01000000.0000003E.sdmp
        Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: System.Memory.dll0.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ICwcSupport\anycpu-release__\obj\release\net472\ICwcSupport.pdb source: ICwcSupport.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEventLog\anycpu-release__\obj\release\net472\FmaEventLog.pdb< source: BrokerService.exe, 0000001F.00000002.2553006670.00000254506D2000.00000002.00000001.01000000.00000038.sdmp
        Source: Binary string: C:\workspace-analytics\workspace-analytics\Output\AnyCPU\Citrix.WorkspaceAnalytics.CasInterfaces\obj\Debug\Citrix.WorkspaceAnalytics.CasInterfaces.pdb source: Citrix.WorkspaceAnalytics.CasInterfaces.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\ActiveDirectory\FmaActiveDirectory\anycpu-release__\obj\release\netstandard2.0\FmaActiveDirectory.pdb.y source: BrokerService.exe, 0000001F.00000002.2556875287.0000025451A92000.00000002.00000001.01000000.0000004A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\VirtualSites\anycpu-release__\obj\release\net472\VirtualSites.pdb source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\SDK\BrokerSDKDefinition\anycpu-release__\obj\release\netstandard2.0\BrokerSDKDefinition.pdb source: BrokerService.exe, 0000001F.00000002.2556016980.00000254519F2000.00000002.00000001.01000000.00000049.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\events\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Utils.Events.pdb source: BrokerService.exe, 0000001F.00000002.2553584343.0000025450D52000.00000002.00000001.01000000.0000003C.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdb source: BrokerService.exe, 0000001D.00000002.1912963441.00000194AB382000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.Registry.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaTransactionScope\anycpu-release__\obj\release\netstandard2.0\FmaTransactionScope.pdb source: BrokerService.exe, 0000001D.00000002.1913930609.00000194AB3E2000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.PluginRegistrationTool\anycpu-release__\obj\release\net472\RegisterPlugins.pdb source: RegisterPlugins.exe, 00000022.00000000.1925697735.000002B30D5F2000.00000002.00000001.01000000.00000035.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\hostname\interfaces\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Hostname.Interfaces.pdb9,S, E,_CorDllMainmscoree.dll source: Citrix.Xaxd.Hostname.Interfaces.dll.4.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net462/Microsoft.Extensions.Logging.Abstractions.pdbSHA256 source: BrokerService.exe, 0000001D.00000002.1914867354.00000194AB442000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\WorkerChannelFactoryLoader\anycpu-release__\obj\release\net472\WorkerChannelFactoryLoader.pdb source: BrokerService.exe, 0000001F.00000002.2553979605.0000025450D82000.00000002.00000001.01000000.0000003F.sdmp
        Source: Binary string: /_/obj/src/Microsoft/SqlServer/Management/CollectorEnum/Release/net462/Microsoft.SqlServer.Management.CollectorEnum.pdb@aZa La_CorDllMainmscoree.dll source: Microsoft.SqlServer.Management.CollectorEnum.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSite.Interface\anycpu-release__\obj\release\netstandard2.0\FmaServiceCommon.VirtualSite.Interface.pdb~1 source: BrokerService.exe, 0000001D.00000002.1913698768.00000194AB3D2000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HCL.DistributedTracing\anycpu-release__\obj\release\net472\Citrix.HCL.DistributedTracing.pdb source: Citrix.HCL.DistributedTracing.dll0.4.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.DiagnosticSource/Release/net462/System.Diagnostics.DiagnosticSource.pdbSHA256h source: BrokerService.exe, 0000001D.00000002.1915939180.00000194AB572000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager.Interface\anycpu-release__\obj\release\net472\FmaInterServiceManager.Interface.pdb source: BrokerService.exe, 0000001D.00000002.1914986331.00000194AB462000.00000002.00000001.01000000.0000001D.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\XmsInterfaces\anycpu-release__\obj\release\net472\XmsInterfaces.pdb source: BrokerService.exe, 0000001D.00000002.1916621102.00000194AB692000.00000002.00000001.01000000.0000002A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSiteManager\anycpu-release__\obj\release\net472\FmaServiceCommon.VirtualSiteManager.pdb source: BrokerService.exe, 0000001F.00000002.2554213094.00000254515C2000.00000002.00000001.01000000.00000041.sdmp
        Source: Binary string: Citrix.Networking.WebSocket.pdb.7818E375_CB2C_4E80_99E7_4C40D0D5718BHF source: Broker_Service_x64.msi
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\RegistryCounters\anycpu-release__\obj\release\net472\RegistryCounters.pdb source: BrokerService.exe, 0000001D.00000002.1916301428.00000194AB672000.00000002.00000001.01000000.00000028.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaSqlUtils\anycpu-release__\obj\release\netstandard2.0\FmaSqlUtils.pdb source: FmaSqlUtils.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaPlugin\anycpu-release__\obj\release\netstandard2.0\FmaPlugin.pdb source: BrokerService.exe, 0000001F.00000002.2553466258.0000025450CB2000.00000002.00000001.01000000.0000003B.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSite.Interface\anycpu-release__\obj\release\netstandard2.0\FmaServiceCommon.VirtualSite.Interface.pdb source: BrokerService.exe, 0000001D.00000002.1913698768.00000194AB3D2000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb source: BrokerService.exe, 0000001F.00000002.2549401679.000002544F472000.00000002.00000001.01000000.00000036.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\DiscUtils\src\anycpu-release__\obj\release\net472\DiscUtils.pdb8> source: DiscUtils.dll4.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaUtils\anycpu-release__\obj\release\net472\FmaUtils.pdbb source: BrokerService.exe, 0000001D.00000002.1909451331.00000194911C2000.00000002.00000001.01000000.00000009.sdmp, FMAUtils.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEnv\anycpu-release__\obj\release\netstandard2.0\FmaEnv.pdb28L8 >8_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1912083012.00000194AB262000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\ActiveDirectory\FmaActiveDirectory\anycpu-release__\obj\release\netstandard2.0\FmaActiveDirectory.pdb source: BrokerService.exe, 0000001F.00000002.2556875287.0000025451A92000.00000002.00000001.01000000.0000004A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.pdb source: Citrix.HypervisorCommunicationsLibrary.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Libraries\FmaCommandQueues\CasCommandQueuePayload\anycpu-release__\obj\release\netstandard2.0\Citrix.Broker.CasCommandQueuePayload.pdbB5\5 N5_CorDllMainmscoree.dll source: Citrix.Broker.CasCommandQueuePayload.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaFeature\anycpu-release__\obj\release\netstandard2.0\FmaFeature.pdb source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.HashCode/net461-Release/Microsoft.Bcl.HashCode.pdb source: Microsoft.Bcl.HashCode.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.ManagedMachineAPI\anycpu-release__\obj\release\net472\Citrix.ManagedMachineAPI.pdb> source: BrokerService.exe, 0000001F.00000002.2553794425.0000025450D72000.00000002.00000001.01000000.0000003E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\logging\cdf_net\core\anycpu-release__\obj\release\net472\Citrix.Xaxd.Cdf.Net.pdb source: BrokerService.exe, 0000001D.00000002.1909850188.0000019491242000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ProxyCommon\anycpu-release__\obj\release\net472\ProxyCommon.pdb$ source: BrokerService.exe, 0000001D.00000002.1917667880.00000194ABA92000.00000002.00000001.01000000.00000033.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaRegistry\anycpu-release__\obj\release\netstandard2.0\FmaRegistry.pdb source: BrokerService.exe, 0000001D.00000002.1909555493.00000194911E2000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEventLog\anycpu-release__\obj\release\net472\FmaEventLog.pdb source: BrokerService.exe, 0000001F.00000002.2553006670.00000254506D2000.00000002.00000001.01000000.00000038.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\IDnsIpSupport\anycpu-release__\obj\release\net472\IDnsIpSupport.pdb source: IDnsIpSupport.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\windows\anycpu-release__\obj\release\net472\Citrix.Xaxd.Utils.Windows.pdb source: Citrix.Xaxd.Utils.Windows.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\strings\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Utils.Strings.pdb source: BrokerService.exe, 0000001D.00000002.1913390576.00000194AB3C2000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager\anycpu-release__\obj\release\net472\FmaInterServiceManager.pdb source: BrokerService.exe, 0000001D.00000002.1915578302.00000194AB522000.00000002.00000001.01000000.00000023.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdb source: System.Security.Permissions.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Libraries\FmaCommandQueues\CasCommandQueuePayload\anycpu-release__\obj\release\netstandard2.0\Citrix.Broker.CasCommandQueuePayload.pdb source: Citrix.Broker.CasCommandQueuePayload.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaDal\Runtime\FmaDalRuntime\anycpu-release__\obj\release\netstandard2.0\FmaDalRuntime.pdb source: BrokerService.exe, 0000001D.00000002.1915242829.00000194AB4C2000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaLogging\anycpu-release__\obj\release\net472\FmaLogging.pdb source: BrokerService.exe, 0000001D.00000002.1911974174.00000194AB232000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager.Models\anycpu-release__\obj\release\netstandard2.0\FmaInterServiceManager.Models.pdb source: BrokerService.exe, 0000001D.00000002.1915395701.00000194AB4F2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdb source: BrokerService.exe, 0000001D.00000002.1912129198.00000194AB272000.00000002.00000001.01000000.00000013.sdmp, System.ServiceProcess.ServiceController.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxSta\anycpu-release__\obj\release\net472\CtxSta.pdbK source: BrokerService.exe, 0000001D.00000002.1916882745.00000194AB6D2000.00000002.00000001.01000000.0000002D.sdmp, CtxSta.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaWcf\anycpu-release__\obj\release\net472\FmaWcf.pdb source: BrokerService.exe, 0000001F.00000002.2552865039.00000254506C2000.00000002.00000001.01000000.00000037.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: Microsoft.Bcl.AsyncInterfaces.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\ActiveDirectory\FmaActiveDirectory.Interfaces\anycpu-release__\obj\release\netstandard2.0\FmaActiveDirectory.Interfaces.pdb source: BrokerService.exe, 0000001F.00000002.2554565821.00000254515E2000.00000002.00000001.01000000.00000043.sdmp
        Source: Binary string: /_/obj/src/Microsoft/SqlServer/Management/RegisteredServers/Release/net462/Microsoft.SqlServer.Management.RegisteredServers.pdb source: Microsoft.SqlServer.Management.RegisteredServers.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary.Wcf\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.Wcf.pdbnD source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.dr
        Source: Binary string: C:\jenkins\workspace\CitrixCloud\Build\Src\Logging\obj\Release\netstandard2.0\Citrix.CloudServices.Logging.pdbSHA256 source: Citrix.CloudServices.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\GroupPolicy\GpAnalyzer\Analyzer\anycpu-release__\obj\release\net472\GpAnalyzer.pdb source: GpAnalyzer.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\Licensing\anycpu-release__\obj\release\net472\Licensing.pdb source: BrokerService.exe, 0000001D.00000002.1916686247.00000194AB6A2000.00000002.00000001.01000000.0000002B.sdmp
        Source: Binary string: C:\Jenkins\workspace\CitrixCloud\Build\Src\AgentFoundation\Common\obj\Release\netstandard2.0\Citrix.CloudServices.AgentFoundation.Common.pdb source: Citrix.CloudServices.AgentFoundation.Common.dll.4.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging/Release/net462/Microsoft.Extensions.Logging.pdbSHA256kYf source: Microsoft.Extensions.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\logging\cdf_sharp\win\anycpu-release__\obj\release\net472\Citrix.Diagnostics.Tracing.pdb~ source: BrokerService.exe, 0000001D.00000002.1915055457.00000194AB472000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ProxyCommon\anycpu-release__\obj\release\net472\ProxyCommon.pdb source: BrokerService.exe, 0000001D.00000002.1917667880.00000194ABA92000.00000002.00000001.01000000.00000033.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\BrokerComponentCommon\anycpu-release__\obj\release\net472\BrokerComponentCommon.pdb source: BrokerService.exe, 0000001D.00000002.1917029887.00000194AB6F2000.00000002.00000001.01000000.0000002F.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net462/Microsoft.Extensions.Logging.Abstractions.pdb source: BrokerService.exe, 0000001D.00000002.1914867354.00000194AB442000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\HostingManagement\HostingManagementComponent\anycpu-release__\obj\release\net472\HostingManagementComponent.pdb source: BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary.HostView\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.HostView.pdb source: Citrix.HypervisorCommunicationsLibrary.HostView.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaUtils\anycpu-release__\obj\release\net472\FmaUtils.pdb source: BrokerService.exe, 0000001D.00000002.1909451331.00000194911C2000.00000002.00000001.01000000.00000009.sdmp, FMAUtils.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\UrlAclSupport\anycpu-release__\obj\release\net472\UrlAclSupport.pdb source: BrokerService.exe, 0000001D.00000002.1916166886.00000194AB642000.00000002.00000001.01000000.00000027.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\authentication\interfaces\anycpu-release__\obj\release\net472\Citrix.Xaxd.Authentication.Interfaces.pdb source: BrokerService.exe, 0000001D.00000002.1915326873.00000194AB4E2000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager.Models\anycpu-release__\obj\release\netstandard2.0\FmaInterServiceManager.Models.pdb"Y<Y .Y_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1915395701.00000194AB4F2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.Settings\anycpu-release__\obj\release\net472\FmaServiceCommon.Settings.pdb source: BrokerService.exe, 0000001D.00000002.1914580532.00000194AB402000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HCL.DistributedTracing\anycpu-release__\obj\release\net472\Citrix.HCL.DistributedTracing.pdbXCrC dC_CorDllMainmscoree.dll source: Citrix.HCL.DistributedTracing.dll0.4.dr
        Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: System.Numerics.Vectors.dll0.4.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net462/System.Configuration.ConfigurationManager.pdbSHA256 source: BrokerService.exe, 0000001D.00000002.1913217539.00000194AB3A2000.00000002.00000001.01000000.00000015.sdmp, System.Configuration.ConfigurationManager.dll0.4.dr, System.Configuration.ConfigurationManager.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\VirtualSites\anycpu-release__\obj\release\net472\VirtualSites.pdb: source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\XmsRuntime\anycpu-release__\obj\release\net472\XmsRuntime.pdb source: BrokerService.exe, 0000001D.00000002.1916960617.00000194AB6E2000.00000002.00000001.01000000.0000002E.sdmp
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.DiagnosticSource/Release/net462/System.Diagnostics.DiagnosticSource.pdb source: BrokerService.exe, 0000001D.00000002.1915939180.00000194AB572000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: Microsoft.Bcl.AsyncInterfaces.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\date_time\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Utils.DateTime.pdb source: BrokerService.exe, 0000001F.00000002.2553129762.0000025450BE2000.00000002.00000001.01000000.00000039.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxSta\anycpu-release__\obj\release\net472\CtxSta.pdb source: BrokerService.exe, 0000001D.00000002.1916882745.00000194AB6D2000.00000002.00000001.01000000.0000002D.sdmp, CtxSta.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSiteManager\anycpu-release__\obj\release\net472\FmaServiceCommon.VirtualSiteManager.pdb< source: BrokerService.exe, 0000001F.00000002.2554213094.00000254515C2000.00000002.00000001.01000000.00000041.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\TicketStore\TicketStore\anycpu-release__\obj\release\net472\TicketStore.pdb source: BrokerService.exe, 0000001F.00000002.2553679495.0000025450D62000.00000002.00000001.01000000.0000003D.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\hostname\interfaces\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Hostname.Interfaces.pdb source: Citrix.Xaxd.Hostname.Interfaces.dll.4.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Rest.ClientRuntime\Release\net461\Microsoft.Rest.ClientRuntime.pdb source: Microsoft.Rest.ClientRuntime.dll.4.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net462/System.Configuration.ConfigurationManager.pdb source: BrokerService.exe, 0000001D.00000002.1913217539.00000194AB3A2000.00000002.00000001.01000000.00000015.sdmp, System.Configuration.ConfigurationManager.dll0.4.dr, System.Configuration.ConfigurationManager.dll.4.dr
        Source: Binary string: C:\Jenkins\workspace\CitrixCloud\Build\Src\AgentFoundation\Common\obj\Release\netstandard2.0\Citrix.CloudServices.AgentFoundation.Common.pdbI source: Citrix.CloudServices.AgentFoundation.Common.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\distributed_tracing\core\anycpu-release__\obj\release\net472\Citrix.Xaxd.DistributedTracing.pdb source: BrokerService.exe, 0000001D.00000002.1915459492.00000194AB502000.00000002.00000001.01000000.00000022.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaCommandLine\anycpu-release__\obj\release\netstandard2.0\FmaCommandLine.pdb source: BrokerService.exe, 0000001D.00000002.1915842117.00000194AB562000.00000002.00000001.01000000.00000025.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaCommandLine\anycpu-release__\obj\release\netstandard2.0\FmaCommandLine.pdbv\ source: BrokerService.exe, 0000001D.00000002.1915842117.00000194AB562000.00000002.00000001.01000000.00000025.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\BrokerComponentCommon\anycpu-release__\obj\release\net472\BrokerComponentCommon.pdbp source: BrokerService.exe, 0000001D.00000002.1917029887.00000194AB6F2000.00000002.00000001.01000000.0000002F.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging/Release/net462/Microsoft.Extensions.Logging.pdb source: Microsoft.Extensions.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\Wpnbr\anycpu-release__\obj\release\net472\Wpnbr.pdb source: BrokerService.exe, 0000001D.00000002.1917130914.00000194AB772000.00000002.00000001.01000000.00000030.sdmp
        Source: Binary string: X:\src\HelperPackages\Bootstrap\Bootstrap_CA\wh32\retail\vc80\static\bootstrap_ca.pdb source: MSIDD31.tmp.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\EventLog\anycpu-release__\obj\release\net472\EventLog.pdb source: BrokerService.exe, 0000001D.00000002.1917745850.00000194ABAD2000.00000002.00000001.01000000.00000034.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaDal\Runtime\SiteServices\FmaSiteServices\anycpu-release__\obj\release\netstandard2.0\FmaSiteServices.pdb source: BrokerService.exe, 0000001F.00000002.2554068226.0000025450DF2000.00000002.00000001.01000000.00000040.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\distributed_tracing\core\anycpu-release__\obj\release\net472\Citrix.Xaxd.DistributedTracing.pdb} source: BrokerService.exe, 0000001D.00000002.1915459492.00000194AB502000.00000002.00000001.01000000.00000022.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaLogging\anycpu-release__\obj\release\net472\FmaLogging.pdb: source: BrokerService.exe, 0000001D.00000002.1911974174.00000194AB232000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdbSHA256 source: BrokerService.exe, 0000001D.00000002.1912963441.00000194AB382000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.Registry.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary.Wcf\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.Wcf.pdb source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Controller\ControllerService\x64-release__\obj\x64\release\net472\BrokerService.pdb source: BrokerService.exe, 0000001D.00000000.1835935201.0000019490E52000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaDependencyInjection\anycpu-release__\obj\release\netstandard2.0\FmaDependencyInjection.pdb source: BrokerService.exe, 0000001D.00000002.1915775374.00000194AB542000.00000002.00000001.01000000.00000024.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaDal\Runtime\SiteServices\FmaSiteServices\anycpu-release__\obj\release\netstandard2.0\FmaSiteServices.pdb' source: BrokerService.exe, 0000001F.00000002.2554068226.0000025450DF2000.00000002.00000001.01000000.00000040.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaTransactionScope\anycpu-release__\obj\release\netstandard2.0\FmaTransactionScope.pdb(/B/ 4/_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1913930609.00000194AB3E2000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\Settings\anycpu-release__\obj\release\net472\Settings.pdb source: BrokerService.exe, 0000001F.00000002.2553217176.0000025450C32000.00000002.00000001.01000000.0000003A.sdmp, Settings.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Controller\ComponentInterface\anycpu-release__\obj\release\net472\ComponentInterface.pdb source: BrokerService.exe, 0000001D.00000002.1909653018.0000019491202000.00000002.00000001.01000000.0000000C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Plugins\HypervisorsCommon\anycpu-release__\obj\release\net472\HypervisorsCommon.pdb source: HypervisorsCommon.dll0.4.dr
        Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
        Source: C:\Windows\System32\svchost.exeFile opened: d:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: c:Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior

        Networking

        barindex
        Yara detected Generic Downloader
        Source: Yara matchFile source: C:\Program Files\Citrix\Broker\Service\RestSharp.dll, type: DROPPED
        Source: Yara matchFile source: C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dll, type: DROPPED
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficDNS traffic detected: DNS query: time.windows.com
        Source: global trafficDNS traffic detected: DNS query: _ldap._tcp.
        Source: global trafficDNS traffic detected: DNS query: _ldap._tcp.
        Source: global trafficDNS traffic detected: DNS query: _ldap._tcp.
        Source: BrokerService.exe, 0000001F.00000002.2552865039.00000254506C2000.00000002.00000001.01000000.00000037.sdmpString found in binary or memory: http://citrix.poshsdk.namespace/
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmp, IDnsIpSupport.dll.4.drString found in binary or memory: http://schemas.citrix.com/CBP
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IConfiguration/SetFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IConfiguration/SetResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IConfiguration/SetResponses
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IConfiguration/SetT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useAddressHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useAddressHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useCancelLaunchReplyHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useCancelLaunchReplyHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useCancelLaunchRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useCancelLaunchRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useFaultHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useFaultHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useForwardCallToRootOfTrustResultHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useForwardCallToRootOfTrustResultHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useGetReplyHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useGetReplyHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useGetRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useGetRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useIntuneMetadataResultHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useIntuneMetadataResultHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useLogonRequest2HelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useLogonRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useLogonRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useNotifyBrokerReplyHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useNotifyBrokerReplyHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useNotifyReplyHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useNotifyReplyHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useNotifyRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useNotifyRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePolicyDefinitionHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePolicyDefinitionHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareAppReplyHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareAppReplyHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareAppRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareAppRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareReplyHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareReplyHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/usePrepareRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useProtocolSettingsHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useProtocolSettingsHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useQueryExpressionHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useQueryExpressionHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useRendezvousReplyHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useRendezvousReplyHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useRendezvousRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useRendezvousRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReservationTokenHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReservationTokenHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useResourceDetailsHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useResourceDetailsHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReversePrepareSessionResultHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReversePrepareSessionResultHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReverseSeamlessAppHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReverseSeamlessAppHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReverseSeamlessAppListHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useReverseSeamlessAppListHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useRoTPublicKeysHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useRoTPublicKeysHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useServiceDetailsResultHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useServiceDetailsResultHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useSessionApplicationHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useSessionApplicationHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useSetRequestHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useSetRequestHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useSiteInformationHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useSiteInformationHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useWorkerSettingsHelperResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDummyInterface/useWorkerSettingsHelperT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDynamicDataQuery/GetFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDynamicDataQuery/GetResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDynamicDataQuery/GetResponsev
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IDynamicDataQuery/GetT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/CancelLaunchFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/CancelLaunchResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/CancelLaunchResponseu
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/CancelLaunchT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareAppSessionFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareAppSessionResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareAppSessionResponsez
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareAppSessionT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareRendezvousSessionFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareRendezvousSessionResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareRendezvousSessionT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareSessionFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareSessionResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareSessionResponsew
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ILaunch/PrepareSessionT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllFtasFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllFtasResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllFtasResponsey
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllFtasT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessions2FaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessions2Response
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessions2Response~
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessions2T
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessionsFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessionsResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessionsT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllStartMenuShortcutsFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllStartMenuShortcutsResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryAllStartMenuShortcutsT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryStartMenuShortcutIconFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryStartMenuShortcutIconResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryStartMenuShortcutIconT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryUsersFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryUsersResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryUsersResponsew
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/QueryUsersT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/TestFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/TestResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/TestResponseq
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IQueryAgent/TestT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IServiceDetailsManager/GetServiceDetailsFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IServiceDetailsManager/GetServiceDetailsResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/IServiceDetailsManager/GetServiceDetailsT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/DisconnectFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/DisconnectResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/DisconnectT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/ExecuteCommandsFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/ExecuteCommandsResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/ExecuteCommandsT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/GetRecordingStatusFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/GetRecordingStatusResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/GetRecordingStatusT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/LogOffFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/LogOffResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/LogOffResponsew
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/LogOffT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/ReRegisterNowFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/ReRegisterNowResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/ReRegisterNowResponse~
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/ReRegisterNowT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/RebootFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/RebootResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/RebootResponsew
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/RebootT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/SendMessageFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/SendMessageResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/SendMessageT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/StartRecordingFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/StartRecordingResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/StartRecordingT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/StopRecordingFaultFaultT
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/StopRecordingResponse
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/StopRecordingResponse~
        Source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpString found in binary or memory: http://schemas.citrix.com/CBP/ISessionManager/StopRecordingT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.ADIdentity.DataModel
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.ADIdentity.DataModelf
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.ADIdentity.DataModell
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.ADIdentity.DataModelm
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.ADIdentity.DataModelp
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.ADIdentity.DataModelu
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitions
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitionse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitionsf
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitionsm
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitionsp
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitionst
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitionsu
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AdIdentity.Definitionsz
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AppLibrary.DataModel
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AppLibrary.DataModela
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AppLibrary.DataModele
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AppLibrary.DataModeli
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AppLibrary.DataModelq
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.AppLibrary.DataModelv
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Cds.BrokerU
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.CloudServices.Trust.Api.Modelsi
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.DelegatedAdmin.Logick
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Fma.Sdk.ServiceCore_
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Fma.Sdk.ServiceCoreg
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Fma.Sdk.ServiceCorer
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModel
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelY
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModel_
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModela
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModeld
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelf
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelg
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelr
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModels
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelu
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelx
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Types
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.TypesN
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typesb
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typesm
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typeso
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typesq
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typess
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typesu
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typesw
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.HypervisorCommunicationsLibrary.Wcf.Typesy
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModel
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModeli
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModell
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModeln
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModelr
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModelu
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModelv
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModelx
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.DataModelz
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.Definitions
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.Definitionsc
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.Definitionsm
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.Definitionst
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.Definitionsv
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.MachineCreation.Definitionsx
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Trust.DataModelW
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Trust.DataModela
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Trust.Logic
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Trust.LogicX
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.Trust.Logicw
        Source: BrokerService.exe, 0000001D.00000002.1915395701.00000194AB4F2000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.XDInterServiceTypes
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.XDInterServiceTypesf
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Citrix.XDInterServiceTypeso
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Workflow.Runtime
        Source: wevtutil.exe, 00000014.00000003.1791925447.0000027FB5F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.m
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001D.00000002.1910073183.0000019492F6E000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2547476641.0000025304A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: svchost.exe, 0000000A.00000002.2538923261.00000196A3C87000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.2539402260.00000196A4502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://standards.iso.org/iso/19770/-2/2009/schema.xsd
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityByNameResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityByNameT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityBySidResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityBySidT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityContentInIdentityPoolByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityContentInIdentityPoolByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityContentInIdentityPoolByNameResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityContentInIdentityPoolByNameT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityPoolByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityPoolByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityPoolByNameResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetIdentityPoolByNameT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetUserCertExpirationDateResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/GetUserCertExpirationDateT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/SetLockStateForADAccountResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/SetLockStateForADAccountT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/SetServiceAccountHealthStatusByUidResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/SetServiceAccountHealthStatusByUidT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/TaintADAccountResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/TaintADAccountT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/ValidateAndLockIdentitiesForPoolBySidResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/ValidateAndLockIdentitiesForPoolBySidT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/ValidateAndLockIdentitiesForPoolResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IADIdentityApi/ValidateAndLockIdentitiesForPoolT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IAppLibApi/FetchAppVTelemetryResponse&
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IAppLibApi/FetchAppVTelemetryT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IAppLibApi/GetObjectsFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IAppLibApi/GetObjectsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IAppLibApi/GetObjectsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApi/DummyOperationResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApi/DummyOperationT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/CheckGlobalAccessResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/CheckGlobalAccessT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/CheckScopeAccessMultipleResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/CheckScopeAccessMultipleT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/CheckScopeAccessResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/CheckScopeAccessT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/LookupScopeResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/LookupScopeT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/RetrieveScopesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV1/RetrieveScopesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV2/CheckGlobalAccessUsingBearerTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV2/CheckGlobalAccessUsingBearerTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV2/CheckScopeAccessMultipleUsingBearerTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV2/CheckScopeAccessMultipleUsingBearerTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV2/CheckScopeAccessUsingBearerTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV2/CheckScopeAccessUsingBearerTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV3/GetCloudAdminDetailsAsDictionaryResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV3/GetCloudAdminDetailsAsDictionaryT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV3/GetUserAdminTypeResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV3/GetUserAdminTypeT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV3/GetUserAdminTypeWithBearerTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV3/GetUserAdminTypeWithBearerTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessMultipleUsingBearerTokenWithExcludedResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessMultipleUsingBearerTokenWithExcludedT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessMultipleWithExcludedResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessMultipleWithExcludedT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessUsingBearerTokenWithExcludedResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessUsingBearerTokenWithExcludedT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessWithExcludedResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessWithExcludedT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetDefinedFeaturesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetDefinedFeaturesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetEnabledFeaturesForConfigurationResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetEnabledFeaturesForConfigurationT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetEnabledFeaturesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetEnabledFeaturesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetLicenseInfoResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetLicenseInfoT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetLicenseServerDetailsResponseu
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetLicenseServerDetailsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetSiteInfoResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetSiteInfoT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetValidProductAndModelsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/GetValidProductAndModelsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/IsFeatureDefinedResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/IsFeatureDefinedT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/IsFeatureEnabledResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/IsFeatureEnabledT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/UpdateSiteLicenseSaaSEnabledResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/UpdateSiteLicenseSaaSEnabledT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/ZoneExistsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IFeatureChecksApi/ZoneExistsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/AddPvsCollectionResponseu
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/AddPvsCollectionT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/AddPvsDeviceResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/AddPvsDeviceT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/AddVolumeServiceBootstrappedTemplateResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/AddVolumeServiceBootstrappedTemplateT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/ConfirmPvsCollectionNameAvailableResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/ConfirmPvsCollectionNameAvailableT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/DeletePvsCollectionResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/DeletePvsCollectionT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/DeletePvsDeviceResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/DeletePvsDeviceT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHostingUnitByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHostingUnitByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHostingUnitByNameResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHostingUnitByNameT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHostingUnitsAllResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHostingUnitsAllT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHypervisorConnectionByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHypervisorConnectionByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHypervisorConnectionRevByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHypervisorConnectionRevByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHypervisorConnectionsAllResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetHypervisorConnectionsAllT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetPvsDiskInfoByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetPvsDiskInfoByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetPvsServersBySiteIdResponsey
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetPvsServersBySiteIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetPvsSiteByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetPvsSiteByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetVolumeServiceBootstrappedTemplatesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/GetVolumeServiceBootstrappedTemplatesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/IsZoneEmptyResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/IsZoneEmptyT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/MoveResourcesToNewZoneResponses
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/MoveResourcesToNewZoneT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/RemoveVolumeServiceBootstrappedTemplateResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/RemoveVolumeServiceBootstrappedTemplateT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/SetHypervisorConnectionMetadataResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IHostApi/SetHypervisorConnectionMetadataT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/BeginVirtualMachinePowerStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/BeginVirtualMachinePowerStateChangesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/BeginVirtualMachineStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/BeginVirtualMachineStateChangesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckResetVirtualMachineOperationsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckResetVirtualMachineOperationsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckResetVmOperationsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckResetVmOperationsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerActionsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerActionsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerStateChangesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckVirtualMachineStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/CheckVirtualMachineStateChangesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetMaximumMachineCapabilitiesQuerySizeResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetMaximumMachineCapabilitiesQuerySizeT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetMaximumPowerStateQuerySizeResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetMaximumPowerStateQuerySizeT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetProvisionedVirtualMachineBySidResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetProvisionedVirtualMachineBySidT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetProvisioningSchemeByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetProvisioningSchemeByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetTaskResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/GetTaskT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/PollVirtualMachineCapabilitiesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/PollVirtualMachineCapabilitiesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/PollVirtualMachinePowerStatesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/PollVirtualMachinePowerStatesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/StartResetVirtualMachineResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/StartResetVirtualMachineT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/TerminateTaskResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/TerminateTaskT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/UpdateProvVmHostVmIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IMachineCreationApi/UpdateProvVmHostVmIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/FilterServiceAccountByIdentityProviderTypeNoSuchServiceAccount
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/FilterServiceAccountByIdentityProviderTypeResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/FilterServiceAccountByIdentityProviderTypeT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/GetAzureADAccessTokenByUidNoSuchServiceAccountFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/GetAzureADAccessTokenByUidResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/GetAzureADAccessTokenByUidT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/InterfaceIsActiveResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/InterfaceIsActiveT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/RetrieveAdAccountNoSuchAdAccountFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/RetrieveAdAccountResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/RetrieveAdAccountT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/SetAdAccountInUseAndClearPasswordNoSuchAdAccountFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/SetAdAccountInUseAndClearPasswordResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/IRetrieveAdAccount/SetAdAccountInUseAndClearPasswordT
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://tempuri.org/ISecondaryBrokerControl/GetAllConnectionLeaseRevocationDateTimesInUtcResponseQ
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://tempuri.org/ISecondaryBrokerControl/GetAllConnectionLeaseRevocationDateTimesInUtcT
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://tempuri.org/ISecondaryBrokerControl/StartBrokeringResponse
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://tempuri.org/ISecondaryBrokerControl/StartBrokeringT
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://tempuri.org/ISecondaryBrokerControl/StopBrokeringResponse
        Source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpString found in binary or memory: http://tempuri.org/ISecondaryBrokerControl/StopBrokeringT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/GetRegisteredServiceByNameResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/GetRegisteredServiceByNameT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/GetServiceKeyNamesFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/GetServiceKeyNamesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/GetServiceKeyNamesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/GetServicesInstancesByNameResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/GetServicesInstancesByNameT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/RegisterServiceInstanceFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/RegisterServiceInstanceResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/RegisterServiceInstanceT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/SetServiceInstanceKeyFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/SetServiceInstanceKeyResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/SetServiceInstanceKeyT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/UnregisterServiceInstancesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/UnregisterServiceInstancesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/UpdateServiceKeyFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/UpdateServiceKeyResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustAdminQuery/UpdateServiceKeyT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/AuthenticateAndExtractSidsFromBearerTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/AuthenticateAndExtractSidsFromBearerTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/AuthenticateHeaderResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/AuthenticateHeaderT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/CreateServiceKeyResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/CreateServiceKeyT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/DeleteVdaEnrollmentTokenByIdFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/DeleteVdaEnrollmentTokenByIdResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/DeleteVdaEnrollmentTokenByIdT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/GetRegisteredServiceResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/GetRegisteredServiceT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/GetRegisteredServicesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/GetRegisteredServicesT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/GetTrustVdaEnrollmentTokensFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/GetTrustVdaEnrollmentTokensResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/GetTrustVdaEnrollmentTokensT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/NewBearerTokenForCurrentUserResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/NewBearerTokenForCurrentUserT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/NewBearerTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/NewBearerTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/NewTrustVdaEnrollmentTokenFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/NewTrustVdaEnrollmentTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/NewTrustVdaEnrollmentTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/RevokeTrustVdaEnrollmentTokenFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/RevokeTrustVdaEnrollmentTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/RevokeTrustVdaEnrollmentTokenT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/UnregisterConnectorsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/UnregisterConnectorsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/UnregisterServiceInstanceResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/UnregisterServiceInstanceT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/ValidateTrustVdaEnrollmentTokenFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/ValidateTrustVdaEnrollmentTokenResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpString found in binary or memory: http://tempuri.org/ITrustApi/ValidateTrustVdaEnrollmentTokenT
        Source: svchost.exe, 00000002.00000002.1368957735.0000020960E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.com
        Source: BrokerService.exe, 0000001F.00000002.2552865039.00000254506C2000.00000002.00000001.01000000.00000037.sdmpString found in binary or memory: http://www.citrix.com/fmaplatform/CitrixTransactionId
        Source: BrokerService.exe, 0000001D.00000002.1915578302.00000194AB522000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://www.citrix.com/fmaplatform/VirtualSiteId
        Source: BrokerService.exe, 0000001F.00000002.2554213094.00000254515C2000.00000002.00000001.01000000.00000041.sdmpString found in binary or memory: http://www.citrix.com/fmaplatform/VirtualSiteIdeVirtualSiteManager.GetVirtualSites
        Source: BrokerService.exe, 0000001F.00000002.2552865039.00000254506C2000.00000002.00000001.01000000.00000037.sdmpString found in binary or memory: http://www.citrix.com/fmaplatform/trust
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpString found in binary or memory: http://www.citrix.com/hcl/connectorList%GetConnectorStatus
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drString found in binary or memory: http://www.citrix.com/hcl/opId#SourceMachineNameWhttp://www.citrix.com/hcl/sourceMachineName
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
        Source: svchost.exe, 00000002.00000003.1367443151.0000020960E62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367764046.0000020960E41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369075101.0000020960E42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367226026.0000020960E6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369410476.0000020960E70000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367707880.0000020960E5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
        Source: svchost.exe, 00000002.00000003.1367226026.0000020960E6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369410476.0000020960E70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
        Source: svchost.exe, 00000002.00000003.1367422163.0000020960E67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369388884.0000020960E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
        Source: svchost.exe, 00000002.00000003.1367143308.0000020960E75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369431890.0000020960E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
        Source: svchost.exe, 00000002.00000003.1367443151.0000020960E62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1368998929.0000020960E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367707880.0000020960E5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
        Source: svchost.exe, 00000002.00000002.1368998929.0000020960E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367422163.0000020960E67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369388884.0000020960E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
        Source: svchost.exe, 00000002.00000003.1367443151.0000020960E62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1368998929.0000020960E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
        Source: svchost.exe, 00000002.00000003.1367764046.0000020960E41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369075101.0000020960E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
        Source: svchost.exe, 00000002.00000003.1367443151.0000020960E62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367764046.0000020960E41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369075101.0000020960E42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
        Source: svchost.exe, 00000002.00000003.1367764046.0000020960E41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367924924.0000020960E46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tilep
        Source: svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367942743.0000020960E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
        Source: svchost.exe, 00000002.00000002.1369075101.0000020960E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
        Source: svchost.exe, 00000002.00000003.1367443151.0000020960E62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
        Source: svchost.exe, 00000002.00000003.1367764046.0000020960E41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369075101.0000020960E42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367532446.0000020960E5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
        Source: svchost.exe, 00000002.00000003.1367942743.0000020960E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
        Source: svchost.exe, 00000002.00000003.1265423425.0000020960E36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/
        Source: svchost.exe, 00000002.00000002.1368998929.0000020960E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367422163.0000020960E67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369388884.0000020960E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
        Source: BrokerService.exe, 0000001D.00000002.1913217539.00000194AB3A2000.00000002.00000001.01000000.00000015.sdmp, BrokerService.exe, 0000001D.00000002.1912129198.00000194AB272000.00000002.00000001.01000000.00000013.sdmp, BrokerService.exe, 0000001D.00000002.1915939180.00000194AB572000.00000002.00000001.01000000.00000026.sdmp, BrokerService.exe, 0000001D.00000002.1914867354.00000194AB442000.00000002.00000001.01000000.0000001C.sdmp, System.Configuration.ConfigurationManager.dll0.4.dr, System.Security.Permissions.dll.4.dr, Microsoft.Bcl.AsyncInterfaces.dll.4.dr, Microsoft.Extensions.Logging.dll.4.dr, System.ServiceProcess.ServiceController.dll.4.dr, System.Configuration.ConfigurationManager.dll.4.drString found in binary or memory: https://github.com/dotnet/runtime
        Source: BrokerService.exe, 0000001D.00000002.1913217539.00000194AB3A2000.00000002.00000001.01000000.00000015.sdmp, BrokerService.exe, 0000001D.00000002.1912129198.00000194AB272000.00000002.00000001.01000000.00000013.sdmp, System.Configuration.ConfigurationManager.dll0.4.dr, System.Security.Permissions.dll.4.dr, System.ServiceProcess.ServiceController.dll.4.dr, System.Configuration.ConfigurationManager.dll.4.drString found in binary or memory: https://github.com/dotnet/runtime&
        Source: BrokerService.exe, 0000001D.00000002.1915055457.00000194AB472000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: https://mindtouch.eng.citrite.net/Technologies/Citrix.Diagnostics.Tracing)
        Source: BrokerService.exe, 0000001D.00000002.1915180152.00000194AB4BC000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: https://mindtouch.eng.citrite.net/Technologies/Citrix.Diagnostics.Tracing)J
        Source: svchost.exe, 00000002.00000003.1367764046.0000020960E41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
        Source: svchost.exe, 00000002.00000003.1367738942.0000020960E47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
        Source: svchost.exe, 00000002.00000003.1367738942.0000020960E47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
        Source: svchost.exe, 00000002.00000002.1368998929.0000020960E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
        Source: svchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\52b9fa.msiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC535.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC5C3.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC641.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB14.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB82.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{16FBB4F8-8C17-4AD9-93A4-B3F2C57666D7}Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICE62.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICEEF.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICF8D.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFCC.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID0F6.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID1E1.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID211.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID28F.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2EE.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID31E.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD31.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6212.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6242.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI62CF.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI630F.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI660D.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6DDE.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI736D.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7459.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7469.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI747A.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI747B.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI75E3.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI75F4.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\52b9fc.msiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\52b9fc.msiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI98BF.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI98EF.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIBA05.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFDF.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2FD.tmpJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix XML Service\Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix XML Service\wixperf.hJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix XML Service\wixperf.iniJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix XML Service\0009\Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\PerfStringBackup.TMPJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\PerfStringBackup.INIJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix Broker Service\Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix Broker Service\wixperf.hJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix Broker Service\wixperf.iniJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\inf\Citrix Broker Service\0009\Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\PerfStringBackup.TMPJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Installer\wix{16FBB4F8-8C17-4AD9-93A4-B3F2C57666D7}.SchedServiceConfig.rmiJump to behavior
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeFile created: C:\Windows\ServiceProfiles\NetworkService\Licensing
        Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIC535.tmpJump to behavior
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess token adjusted: Security
        Source: PvsVmTemplate.vhd0.4.drBinary string: \Device\HarddiskVolume2\System Volume Information\_restore{D42FEF58-E684-4725-B180-37A6578E0AE8}\RP44\change.log
        Source: PvsVmTemplate.vhd0.4.drBinary string: \Device\HarddiskVolume3\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
        Source: classification engineClassification label: sus30.phis.troj.evad.winMSI@56/744@4/0
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\CitrixJump to behavior
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BrokerService.exe.log
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6276:120:WilError_03
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1792:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3260:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6472:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2712:120:WilError_03
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeMutant created: \BaseNamedObjects\Global\.net memory cache 4.0
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1292:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5688:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7044:120:WilError_03
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user~1\AppData\Local\Temp\MSI9878.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.iniJump to behavior
        Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
        Source: MSIDD31.tmp.4.drBinary or memory string: SELECT * FROM `Component` WHERE `Component`=?SELECT * FROM `File` WHERE `File`=?SELECT * FROM `Registry` WHERE `Registry`=?IsLegacySecurityModelGetFileHandleForDACLGetDirectoryHandleForDACLGetRegistryHandleForDACLGetFilePathFromMSIGetDirectoryPathFromMSI%i%sGetRegistryPathFromMSICanonicalizeSDCTXGetNativeNameWAccessPermission}APPID\{APPID\ChangeAppIDAccessACLLaunchPermissionChangeAppIDLaunchACLConvertSidToStringSid failedGetUserNameSidFindCtxUserDefaultUserSetupCtxUsersSecDesc>CTX)CTX_InstallACLs.2FC063C6_B4B7_4E0E_B5A1_DD207D00E9C7%u2%u1%u1|%s1|%u2|%s2|%S: The string '%s' in the Desc column for the row '%s' of the CtxAddACL table is invalid.SELECT * FROM `CtxAddACL`CTX_SetupACLsGetUserNameSid failed - the user may not existUpdateCtxUsersSecDescD:AIARD:AISetDaclHelperReg64<null>SetDaclHelperCreateWellKnownSidadvapi32.dllCtxGetNativeNameD:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GA;;;CO)(A;OICI;GR;;;WD)SetDacl, StartSetDaclCustomActionDataCTX_InstallACLsWorkerGetUsersScheduledForRemovalCTX_RemoveACLs.2FC063C6_B4B7_4E0E_B5A1_DD207D00E9C7CtxAddACLPermCTX_SetupRemoveACLsUser_ExitFatal_ErrorExit_Dialog
        Source: Broker_Service_x64.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
        Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Broker_Service_x64.msi"
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
        Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
        Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 61840644E35B0012964490F7155C79A4 C
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F4607A9CFBE627DAA7B1AF4F0A87DD4D C
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -s W32Time
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7D00F72EBD1F03FE2BA91EB00E79F5F2
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 40FEA25D10AEAC450300A64B6E69AD51
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E5BAB935B9E62F5EF499449BA355B5C1 E Global\MSI0000
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding B57FEBC80AACA307814E81531C396CA3 E Global\MSI0000
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man"
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man" /fromwow64
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man"
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man" /fromwow64
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man"
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man" /fromwow64
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe" sidtype CitrixBrokerService unrestricted
        Source: C:\Windows\SysWOW64\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Citrix\Broker\Service\BrokerService.exe "C:\Program Files\Citrix\Broker\Service\BrokerService.exe" -Upgrade
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Program Files\Citrix\Broker\Service\BrokerService.exe "C:\Program Files\Citrix\Broker\Service\BrokerService.exe"
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -Pipeline "C:\Program Files\Citrix\Broker\Service\Pipeline\"
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\"
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachine\v2.5.0.0\"
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 61840644E35B0012964490F7155C79A4 CJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F4607A9CFBE627DAA7B1AF4F0A87DD4D CJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7D00F72EBD1F03FE2BA91EB00E79F5F2Jump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 40FEA25D10AEAC450300A64B6E69AD51Jump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E5BAB935B9E62F5EF499449BA355B5C1 E Global\MSI0000Jump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding B57FEBC80AACA307814E81531C396CA3 E Global\MSI0000Jump to behavior
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenableJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe" sidtype CitrixBrokerService unrestrictedJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Citrix\Broker\Service\BrokerService.exe "C:\Program Files\Citrix\Broker\Service\BrokerService.exe" -UpgradeJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -Pipeline "C:\Program Files\Citrix\Broker\Service\Pipeline\"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man" /fromwow64
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man" /fromwow64
        Source: C:\Windows\SysWOW64\wevtutil.exeProcess created: C:\Windows\System32\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man" /fromwow64
        Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: w32time.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: vmictimeprovider.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: esdsip.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: esdsip.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msxml3.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: activeds.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: adsldpc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: loadperf.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: licensemanagersvc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: licensemanager.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\wevtutil.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: msxml6.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: wevtapi.dll
        Source: C:\Windows\SysWOW64\wevtutil.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: msxml6.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: wevtapi.dll
        Source: C:\Windows\SysWOW64\wevtutil.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: msxml6.dll
        Source: C:\Windows\System32\wevtutil.exeSection loaded: wevtapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: mscoree.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: apphelp.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: version.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: cryptsp.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: rsaenh.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: cryptbase.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: windows.storage.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: wldp.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: profapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: urlmon.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: iertutil.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: srvcli.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: netutils.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: sspicli.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: propsys.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ntmarta.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: dnsapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: dhcpcsvc.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: winnsi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: httpapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: mscoree.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: version.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: cryptsp.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: rsaenh.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: cryptbase.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: windows.storage.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: wldp.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: profapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: urlmon.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: iertutil.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: srvcli.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: netutils.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: sspicli.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ieadvpack.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: devrtl.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spinf.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: drvstore.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spfileq.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: msasn1.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ieadvpack.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: devrtl.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spinf.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: drvstore.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spfileq.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: msasn1.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ieadvpack.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: devrtl.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spinf.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: drvstore.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spfileq.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: msasn1.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ieadvpack.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: devrtl.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spinf.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: drvstore.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spfileq.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: msasn1.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ieadvpack.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: devrtl.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spinf.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: drvstore.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: spfileq.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: msasn1.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: propsys.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: dnsapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: dhcpcsvc.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: winnsi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: secur32.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: activeds.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: adsldpc.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: adsldp.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: sxs.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: ntdsapi.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: netapi32.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: logoncli.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: mswsock.dll
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeSection loaded: rasadhlp.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\wevtutil.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32
        Source: C:\Windows\SysWOW64\msiexec.exeFile written: C:\Users\user\AppData\Local\Temp\WIXPF001\wixperf.iniJump to behavior
        Source: C:\Windows\System32\msiexec.exeAutomated click: I accept the terms in the License Agreement
        Source: C:\Windows\System32\msiexec.exeAutomated click: Install
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\System32\msiexec.exeWindow detected: WixUI_Bmp_DialogI &accept the terms in the License Agreement&Print&Back&InstallCancelCITRIX LICENSE AGREEMENTUse of this component is subject to the Citrix license or terms of service covering the Citrix product(s) and/or service(s) with which you will be using this component. This component is licensed for use only with such Citrix product(s) and/or service(s).CTX_code EP_R_A10352779Please read the Citrix Broker Service License Agreement
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CitrixJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\BrokerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\ServiceJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\PipelineJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdaptersJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\UpdateScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\deJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\esJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\frJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\jaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\zh-CNJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ImportScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\CitrixJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPluginsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\HypervisorJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMwareJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMMJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWSJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachineJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachine\v2.5.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ThirdPartyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\ThirdParty\v2.5.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\CitrixMachineCreationJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\CitrixMachineCreation\v1.0.0.0Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\32Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\32\ccauthcpp_dynamic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\64Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\64\ccauthcpp_dynamic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ActiveDirectory.SiteManagement.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ADIdentityInterService.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.manJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\amd64Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\amd64\libccauth.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Authentication.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Avro.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Aws.Batcher.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSPlugin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EBS.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EC2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.IdentityManagement.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.S3.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.SecurityToken.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Azure.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Azure.Identity.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Setup ScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Setup Scripts\BackupDesktopServerKeys.ps1Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BaseDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\BlankVhdTemplate.vhdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BouncyCastle.Cryptography.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerAdminQuery.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerAdminService.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerCde.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerCdeLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerComponentCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerComponent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerEnvTests.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.manJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerFiltering.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerSDKDefinition.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerSDKLogic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerService.exe.config.origJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerServiceEventLogResources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerService.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\BrokerServiceSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Castle.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Castle.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Castle.Windsor.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CbpConstants.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CbpControllerSdk.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CbpTypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CdeEvents.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CdeLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Diagnostics.Tracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Networking.WebSocket.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Networking.WebSocket.pdbJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.Authentication.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViewsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.NgsTunnel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.EnumCache.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utils.Strings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ADIdentity.DataModel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Base.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Broker.CasCommandQueuePayload.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.Classic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseContracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Core.Api.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Diagnostics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Monitoring.ApplicationInsights.Shared.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Redis.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Security.CCAuth.Managed.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.Configuration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Trust.Api.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Utilities.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigLogging.Wcf.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigurationLogging.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Configuration.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.DelegatedAdmin.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Monitor.BrokerCodes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DelegatedAdminInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCore.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.Utilities.Sids.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Host.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.HostView.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IconConverter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Utilities.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.MachineCreationAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.HostView.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachinePluginFinder.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Broker.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceHosting.WindowsServiceHostingApi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceLocator.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Trust.Library.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasConfigClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasEventHubClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.AspNet.CitrixCloud.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.AspNet.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.CitrixCloudCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Profiles.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.CasDispatcher.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cdf.Net.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.AclStore.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Grpc.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.VirtualSiteRegistry.Rest.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Common.Headers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Exporter.NewRelic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Exporter.Cas.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Tc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.WebSocket.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Http.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Client.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Logging.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Posh.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Retry.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Signer.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Tenancy.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Tenancy.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.EnumCache.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Collections.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.DateTime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Dynamic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Events.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Minimatch.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Networking.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Objectpool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Reflection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Retry.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.SecretBuffer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Serialization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Strings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\ContractsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.Xaxd.Utils.Strings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.StrongName.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Uri.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Windows.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\deJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\de\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\esJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\es\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\frJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\fr\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\jaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\ja\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\zh-CNJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\zh-CN\CloudCommon.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\CloudCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ComponentInterface.Constants.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ComponentInterface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ConfigLoggingSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Setup Scripts\ConfigureHighAvailabilityService.ps1Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControllerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControllerInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\CookComputing.XmlRpcV2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CredentialSecurity64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\csJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CtxAdmin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CtxMcp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\CtxSta.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\CustomProvisioningCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\de\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ImportScripts\Default.zipJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DelegatedAdminSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\DiscUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DnsIpSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\DocumentFormat.OpenXml.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\UpdateScripts\downgrade_site_7.41.1100.0-7.41.100.0.xduJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\es\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\EventLogCodeGenHelper.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\EventLog.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaAbstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaCommandLine.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaCommandQueues.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaCommonEnvTests.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClientInterService.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingShared.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDalAttributes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDalExceptions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDalRuntime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaDependencyInjection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaEnv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaEnv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaEnvTestInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaEnv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaEventLog.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaFeature.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaFeature.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaFiltering.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaFilteringSdkSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaIdentity.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaIdentity.Interfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Interface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaLogging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaLogging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaPlugin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaProductInfo.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaRegistry.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaRegistry.Interface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSchemaProbeDal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSchemaTools.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryption.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryptionManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.DelegatedAdmin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Features.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Ism.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.KeySharing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceDiscovery.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceRegistration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Settings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.Interface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteProvider.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceControlInterface.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaServiceStatus.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaServiceStatus.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSiteServices.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSiteServicesSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSqlScriptBuilder.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaSqlUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaTransactionScope.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FMAUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\FmaWcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\fr\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Google.Api.CommonProtos.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Google.Protobuf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpAnalyzer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpContracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpDocument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpfxSettings.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\GpXmlSchema.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x86.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Core.Api.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Net.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Grpc.Net.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Contracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Citrix.HCL.DistributedTracing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.TlsCertificateVerification.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.TlsCertificateVerification.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.manJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControlScriptsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ControlScripts\HighAvailabilityServiceControl.psm1Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HighAvailabilityServiceEventLogResources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HostingManagementComponent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HypervisorCommunicationsLibrary.AddInSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdaptersJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.HypervisorCommunicationsLibrary.HostSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\HypervisorsCommon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\i386Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\i386\libccauth.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IBrokerAdminQuery.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IBrokerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IBrokerDALInternal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IControllerDAL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IControllerDALInternal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ICwcSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IDnsIpSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\IEdgeProxySupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ILeasingControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfigurationJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfiguration\InstanceTypes.xmlJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfiguration\InstanceTypes.xsdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Interop.GPMGMTLib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Interop.NetFwTypeLib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\iobfuncdll.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ISdkLogic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ISecondaryBrokerControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\itJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\it\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\BrokerServiceSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.Base.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.Core.Api.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.IconConverter.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\ConfigLoggingSupport.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\FmaCommonEnvTests.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\FmaConfigLoggingClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\GpAnalyzer.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\GpDocument.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\GpfxSettings.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ja\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\koJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Edm.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.OData.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Services.Client.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.SqlClient.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Threading.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Validation.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\ko\System.Spatial.resources.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\LhcUtils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Licensing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\LicPolEng.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.ManagedMachineAPI.AddInSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.ManagedMachineAPI.HostSideAdapter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Microsoft.Bcl.AsyncInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.Logging.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.ObjectPool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Microsoft.Extensions.ObjectPool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.ApplicationInsights.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Features.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.SystemWebAdapters.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.WebKey.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Services.AppAuthentication.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Blob.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Common.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.AsyncInterfaces.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.HashCode.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Edm.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.OData.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Services.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.arm64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x86.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Tools.Sql.BatchParser.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.Cab.dllJump to behavior
        Source: Broker_Service_x64.msiStatic file information: File size 72298496 > 1048576
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\logging\cdf_sharp\win\anycpu-release__\obj\release\net472\Citrix.Diagnostics.Tracing.pdb source: BrokerService.exe, 0000001D.00000002.1915055457.00000194AB472000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\assembly_resolver\anycpu-release__\obj\release\net472\Citrix.Xaxd.Utilities.AssemblyResolver.pdb source: BrokerService.exe, 0000001D.00000002.1909505618.00000194911D2000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\RemoteHCLClient\anycpu-release__\obj\release\net472\RemoteHCLClient.pdb(} source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Libraries\Cbp\CbpControllerSdk\anycpu-release__\obj\release\net472\CbpControllerSdk.pdb source: BrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\LhcUtils\anycpu-release__\obj\release\net472\LhcUtils.pdb source: BrokerService.exe, 0000001D.00000002.1909945480.0000019491282000.00000002.00000001.01000000.0000000F.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\BrokerComponent\anycpu-release__\obj\release\net472\BrokerComponent.pdb source: BrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmp
        Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb62P2 B2_CorDllMainmscoree.dll source: BrokerService.exe, 0000001F.00000002.2549401679.000002544F472000.00000002.00000001.01000000.00000036.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaSids\anycpu-release__\obj\release\net472\Citrix.Fma.Sdk.Utilities.Sids.pdb source: BrokerService.exe, 0000001F.00000002.2555275324.0000025451652000.00000002.00000001.01000000.00000046.sdmp
        Source: Binary string: Microsoft.Data.SqlClient.SNI.pdb source: Microsoft.Data.SqlClient.SNI.x64.dll.4.dr, Microsoft.Data.SqlClient.SNI.x86.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\Wpnbr\anycpu-release__\obj\release\net472\Wpnbr.pdbQ source: BrokerService.exe, 0000001D.00000002.1917130914.00000194AB772000.00000002.00000001.01000000.00000030.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxAdmin\anycpu-release__\obj\release\net472\CtxAdmin.pdb source: BrokerService.exe, 0000001D.00000002.1916802918.00000194AB6C2000.00000002.00000001.01000000.0000002C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.ServiceRegistration\anycpu-release__\obj\release\net472\FmaServiceCommon.ServiceRegistration.pdb source: BrokerService.exe, 0000001F.00000002.2555021751.0000025451632000.00000002.00000001.01000000.00000045.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ICwcSupport\anycpu-release__\obj\release\net472\ICwcSupport.pdbX4r4 d4_CorDllMainmscoree.dll source: ICwcSupport.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\GroupPolicy\GpAnalyzer\Analyzer\anycpu-release__\obj\release\net472\GpAnalyzer.pdbH source: GpAnalyzer.dll.4.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Rest.ClientRuntime\Release\net461\Microsoft.Rest.ClientRuntime.pdbSHA256TS- source: Microsoft.Rest.ClientRuntime.dll.4.dr
        Source: Binary string: X:\src\HelperPackages\Bootstrap\Bootstrap_CA\wh32\retail\vc80\static\bootstrap_ca.pdbH source: MSIDD31.tmp.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\XmlMultiplexer\anycpu-release__\obj\release\net472\XmlMultiplexer.pdb source: BrokerService.exe, 0000001D.00000002.1916476987.00000194AB682000.00000002.00000001.01000000.00000029.sdmp
        Source: Binary string: /_/obj/src/Microsoft/SqlServer/Management/CollectorEnum/Release/net462/Microsoft.SqlServer.Management.CollectorEnum.pdb source: Microsoft.SqlServer.Management.CollectorEnum.dll.4.dr
        Source: Binary string: Microsoft.Data.SqlClient.SNI.pdbGCTL source: Microsoft.Data.SqlClient.SNI.x64.dll.4.dr, Microsoft.Data.SqlClient.SNI.x86.dll.4.dr
        Source: Binary string: T:\altsrc\github\grpc\workspace_csharp_ext_windows_x64\cmake\build\x64\grpc_csharp_ext.pdb source: grpc_csharp_ext.x64.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaRegistry.Interface\anycpu-release__\obj\release\netstandard2.0\FmaRegistry.Interface.pdbL6f6 X6_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1910001253.0000019491292000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxMcp\anycpu-release__\obj\release\net472\CtxMcp.pdb source: BrokerService.exe, 0000001D.00000002.1917548815.00000194ABA52000.00000002.00000001.01000000.00000032.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\DiscUtils\src\anycpu-release__\obj\release\net472\DiscUtils.pdb source: DiscUtils.dll4.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSite\anycpu-release__\obj\release\net472\FmaServiceCommon.VirtualSite.pdb source: BrokerService.exe, 0000001F.00000002.2554388742.00000254515D2000.00000002.00000001.01000000.00000042.sdmp, FmaServiceCommon.VirtualSite.dll.4.dr
        Source: Binary string: c:\projects\nlog\NLog.ManualFlush\obj\Release\NLog.ManualFlush.pdb source: NLog.ManualFlush.dll.4.dr
        Source: Binary string: C:\jenkins\workspace\AuthX\Build-Custom\Build-CCAuthCpp-Master\cmake_windows_32\src\Release\ccauthcpp_dynamic.pdb source: ccauthcpp_dynamic.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEnv\anycpu-release__\obj\release\netstandard2.0\FmaEnv.pdb source: BrokerService.exe, 0000001D.00000002.1912083012.00000194AB262000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Principal.Windows/net461-Windows_NT-Release/System.Security.Principal.Windows.pdb source: BrokerService.exe, 0000001F.00000002.2555493326.0000025451972000.00000002.00000001.01000000.00000047.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\CDE\BrokerCdeLibrary\anycpu-release__\obj\release\net472\BrokerCdeLibrary.pdb source: BrokerService.exe, 0000001D.00000002.1909749981.0000019491232000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdbSHA256) source: BrokerService.exe, 0000001D.00000002.1912129198.00000194AB272000.00000002.00000001.01000000.00000013.sdmp, System.ServiceProcess.ServiceController.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\SDK\BrokerAdminService\anycpu-release__\obj\release\net472\BrokerAdminService.pdb source: BrokerAdminService.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\RemoteHCLClient\anycpu-release__\obj\release\net472\RemoteHCLClient.pdb source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp
        Source: Binary string: Citrix.Networking.WebSocket.pdb.7818E375_CB2C_4E80_99E7_4C40D0D5718B source: Broker_Service_x64.msi
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\distributed_tracing\exporter\newrelic\anycpu-release__\obj\release\net472\Citrix.Xaxd.DistributedTracing.Exporter.NewRelic.pdb source: Citrix.Xaxd.DistributedTracing.Exporter.NewRelic.dll.4.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Principal.Windows/net461-Windows_NT-Release/System.Security.Principal.Windows.pdbSHA256zqXL source: BrokerService.exe, 0000001F.00000002.2555493326.0000025451972000.00000002.00000001.01000000.00000047.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.KeySharingInterfaces\anycpu-release__\obj\release\net472\Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.pdb source: Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.dll.4.dr
        Source: Binary string: C:\jenkins\workspace\CitrixCloud\Build\Src\Logging\obj\Release\netstandard2.0\Citrix.CloudServices.Logging.pdb source: Citrix.CloudServices.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaRegistry.Interface\anycpu-release__\obj\release\netstandard2.0\FmaRegistry.Interface.pdb source: BrokerService.exe, 0000001D.00000002.1910001253.0000019491292000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\DistributedTracing\anycpu-release__\obj\release\netstandard2.0\Citrix.Fma.Sdk.DistributedTracing.pdb source: BrokerService.exe, 0000001D.00000002.1914666070.00000194AB422000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\DAL\IBrokerDAL\anycpu-release__\obj\release\net472\IBrokerDAL.pdb source: IBrokerDAL.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.ManagedMachineAPI\anycpu-release__\obj\release\net472\Citrix.ManagedMachineAPI.pdb source: BrokerService.exe, 0000001F.00000002.2553794425.0000025450D72000.00000002.00000001.01000000.0000003E.sdmp
        Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: System.Memory.dll0.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ICwcSupport\anycpu-release__\obj\release\net472\ICwcSupport.pdb source: ICwcSupport.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEventLog\anycpu-release__\obj\release\net472\FmaEventLog.pdb< source: BrokerService.exe, 0000001F.00000002.2553006670.00000254506D2000.00000002.00000001.01000000.00000038.sdmp
        Source: Binary string: C:\workspace-analytics\workspace-analytics\Output\AnyCPU\Citrix.WorkspaceAnalytics.CasInterfaces\obj\Debug\Citrix.WorkspaceAnalytics.CasInterfaces.pdb source: Citrix.WorkspaceAnalytics.CasInterfaces.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\ActiveDirectory\FmaActiveDirectory\anycpu-release__\obj\release\netstandard2.0\FmaActiveDirectory.pdb.y source: BrokerService.exe, 0000001F.00000002.2556875287.0000025451A92000.00000002.00000001.01000000.0000004A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\VirtualSites\anycpu-release__\obj\release\net472\VirtualSites.pdb source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\SDK\BrokerSDKDefinition\anycpu-release__\obj\release\netstandard2.0\BrokerSDKDefinition.pdb source: BrokerService.exe, 0000001F.00000002.2556016980.00000254519F2000.00000002.00000001.01000000.00000049.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\events\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Utils.Events.pdb source: BrokerService.exe, 0000001F.00000002.2553584343.0000025450D52000.00000002.00000001.01000000.0000003C.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdb source: BrokerService.exe, 0000001D.00000002.1912963441.00000194AB382000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.Registry.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaTransactionScope\anycpu-release__\obj\release\netstandard2.0\FmaTransactionScope.pdb source: BrokerService.exe, 0000001D.00000002.1913930609.00000194AB3E2000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.PluginRegistrationTool\anycpu-release__\obj\release\net472\RegisterPlugins.pdb source: RegisterPlugins.exe, 00000022.00000000.1925697735.000002B30D5F2000.00000002.00000001.01000000.00000035.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\hostname\interfaces\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Hostname.Interfaces.pdb9,S, E,_CorDllMainmscoree.dll source: Citrix.Xaxd.Hostname.Interfaces.dll.4.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net462/Microsoft.Extensions.Logging.Abstractions.pdbSHA256 source: BrokerService.exe, 0000001D.00000002.1914867354.00000194AB442000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\WorkerChannelFactoryLoader\anycpu-release__\obj\release\net472\WorkerChannelFactoryLoader.pdb source: BrokerService.exe, 0000001F.00000002.2553979605.0000025450D82000.00000002.00000001.01000000.0000003F.sdmp
        Source: Binary string: /_/obj/src/Microsoft/SqlServer/Management/CollectorEnum/Release/net462/Microsoft.SqlServer.Management.CollectorEnum.pdb@aZa La_CorDllMainmscoree.dll source: Microsoft.SqlServer.Management.CollectorEnum.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSite.Interface\anycpu-release__\obj\release\netstandard2.0\FmaServiceCommon.VirtualSite.Interface.pdb~1 source: BrokerService.exe, 0000001D.00000002.1913698768.00000194AB3D2000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HCL.DistributedTracing\anycpu-release__\obj\release\net472\Citrix.HCL.DistributedTracing.pdb source: Citrix.HCL.DistributedTracing.dll0.4.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.DiagnosticSource/Release/net462/System.Diagnostics.DiagnosticSource.pdbSHA256h source: BrokerService.exe, 0000001D.00000002.1915939180.00000194AB572000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager.Interface\anycpu-release__\obj\release\net472\FmaInterServiceManager.Interface.pdb source: BrokerService.exe, 0000001D.00000002.1914986331.00000194AB462000.00000002.00000001.01000000.0000001D.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\XmsInterfaces\anycpu-release__\obj\release\net472\XmsInterfaces.pdb source: BrokerService.exe, 0000001D.00000002.1916621102.00000194AB692000.00000002.00000001.01000000.0000002A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSiteManager\anycpu-release__\obj\release\net472\FmaServiceCommon.VirtualSiteManager.pdb source: BrokerService.exe, 0000001F.00000002.2554213094.00000254515C2000.00000002.00000001.01000000.00000041.sdmp
        Source: Binary string: Citrix.Networking.WebSocket.pdb.7818E375_CB2C_4E80_99E7_4C40D0D5718BHF source: Broker_Service_x64.msi
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\RegistryCounters\anycpu-release__\obj\release\net472\RegistryCounters.pdb source: BrokerService.exe, 0000001D.00000002.1916301428.00000194AB672000.00000002.00000001.01000000.00000028.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaSqlUtils\anycpu-release__\obj\release\netstandard2.0\FmaSqlUtils.pdb source: FmaSqlUtils.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaPlugin\anycpu-release__\obj\release\netstandard2.0\FmaPlugin.pdb source: BrokerService.exe, 0000001F.00000002.2553466258.0000025450CB2000.00000002.00000001.01000000.0000003B.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSite.Interface\anycpu-release__\obj\release\netstandard2.0\FmaServiceCommon.VirtualSite.Interface.pdb source: BrokerService.exe, 0000001D.00000002.1913698768.00000194AB3D2000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb source: BrokerService.exe, 0000001F.00000002.2549401679.000002544F472000.00000002.00000001.01000000.00000036.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\DiscUtils\src\anycpu-release__\obj\release\net472\DiscUtils.pdb8> source: DiscUtils.dll4.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaUtils\anycpu-release__\obj\release\net472\FmaUtils.pdbb source: BrokerService.exe, 0000001D.00000002.1909451331.00000194911C2000.00000002.00000001.01000000.00000009.sdmp, FMAUtils.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEnv\anycpu-release__\obj\release\netstandard2.0\FmaEnv.pdb28L8 >8_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1912083012.00000194AB262000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\ActiveDirectory\FmaActiveDirectory\anycpu-release__\obj\release\netstandard2.0\FmaActiveDirectory.pdb source: BrokerService.exe, 0000001F.00000002.2556875287.0000025451A92000.00000002.00000001.01000000.0000004A.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.pdb source: Citrix.HypervisorCommunicationsLibrary.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Libraries\FmaCommandQueues\CasCommandQueuePayload\anycpu-release__\obj\release\netstandard2.0\Citrix.Broker.CasCommandQueuePayload.pdbB5\5 N5_CorDllMainmscoree.dll source: Citrix.Broker.CasCommandQueuePayload.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaFeature\anycpu-release__\obj\release\netstandard2.0\FmaFeature.pdb source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.HashCode/net461-Release/Microsoft.Bcl.HashCode.pdb source: Microsoft.Bcl.HashCode.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.ManagedMachineAPI\anycpu-release__\obj\release\net472\Citrix.ManagedMachineAPI.pdb> source: BrokerService.exe, 0000001F.00000002.2553794425.0000025450D72000.00000002.00000001.01000000.0000003E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\logging\cdf_net\core\anycpu-release__\obj\release\net472\Citrix.Xaxd.Cdf.Net.pdb source: BrokerService.exe, 0000001D.00000002.1909850188.0000019491242000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ProxyCommon\anycpu-release__\obj\release\net472\ProxyCommon.pdb$ source: BrokerService.exe, 0000001D.00000002.1917667880.00000194ABA92000.00000002.00000001.01000000.00000033.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaRegistry\anycpu-release__\obj\release\netstandard2.0\FmaRegistry.pdb source: BrokerService.exe, 0000001D.00000002.1909555493.00000194911E2000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaEventLog\anycpu-release__\obj\release\net472\FmaEventLog.pdb source: BrokerService.exe, 0000001F.00000002.2553006670.00000254506D2000.00000002.00000001.01000000.00000038.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\IDnsIpSupport\anycpu-release__\obj\release\net472\IDnsIpSupport.pdb source: IDnsIpSupport.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\windows\anycpu-release__\obj\release\net472\Citrix.Xaxd.Utils.Windows.pdb source: Citrix.Xaxd.Utils.Windows.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\strings\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Utils.Strings.pdb source: BrokerService.exe, 0000001D.00000002.1913390576.00000194AB3C2000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager\anycpu-release__\obj\release\net472\FmaInterServiceManager.pdb source: BrokerService.exe, 0000001D.00000002.1915578302.00000194AB522000.00000002.00000001.01000000.00000023.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/Release/net462/System.Security.Permissions.pdb source: System.Security.Permissions.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Libraries\FmaCommandQueues\CasCommandQueuePayload\anycpu-release__\obj\release\netstandard2.0\Citrix.Broker.CasCommandQueuePayload.pdb source: Citrix.Broker.CasCommandQueuePayload.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaDal\Runtime\FmaDalRuntime\anycpu-release__\obj\release\netstandard2.0\FmaDalRuntime.pdb source: BrokerService.exe, 0000001D.00000002.1915242829.00000194AB4C2000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaLogging\anycpu-release__\obj\release\net472\FmaLogging.pdb source: BrokerService.exe, 0000001D.00000002.1911974174.00000194AB232000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager.Models\anycpu-release__\obj\release\netstandard2.0\FmaInterServiceManager.Models.pdb source: BrokerService.exe, 0000001D.00000002.1915395701.00000194AB4F2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net462/System.ServiceProcess.ServiceController.pdb source: BrokerService.exe, 0000001D.00000002.1912129198.00000194AB272000.00000002.00000001.01000000.00000013.sdmp, System.ServiceProcess.ServiceController.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxSta\anycpu-release__\obj\release\net472\CtxSta.pdbK source: BrokerService.exe, 0000001D.00000002.1916882745.00000194AB6D2000.00000002.00000001.01000000.0000002D.sdmp, CtxSta.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaWcf\anycpu-release__\obj\release\net472\FmaWcf.pdb source: BrokerService.exe, 0000001F.00000002.2552865039.00000254506C2000.00000002.00000001.01000000.00000037.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: Microsoft.Bcl.AsyncInterfaces.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\ActiveDirectory\FmaActiveDirectory.Interfaces\anycpu-release__\obj\release\netstandard2.0\FmaActiveDirectory.Interfaces.pdb source: BrokerService.exe, 0000001F.00000002.2554565821.00000254515E2000.00000002.00000001.01000000.00000043.sdmp
        Source: Binary string: /_/obj/src/Microsoft/SqlServer/Management/RegisteredServers/Release/net462/Microsoft.SqlServer.Management.RegisteredServers.pdb source: Microsoft.SqlServer.Management.RegisteredServers.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary.Wcf\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.Wcf.pdbnD source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.dr
        Source: Binary string: C:\jenkins\workspace\CitrixCloud\Build\Src\Logging\obj\Release\netstandard2.0\Citrix.CloudServices.Logging.pdbSHA256 source: Citrix.CloudServices.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\GroupPolicy\GpAnalyzer\Analyzer\anycpu-release__\obj\release\net472\GpAnalyzer.pdb source: GpAnalyzer.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\Licensing\anycpu-release__\obj\release\net472\Licensing.pdb source: BrokerService.exe, 0000001D.00000002.1916686247.00000194AB6A2000.00000002.00000001.01000000.0000002B.sdmp
        Source: Binary string: C:\Jenkins\workspace\CitrixCloud\Build\Src\AgentFoundation\Common\obj\Release\netstandard2.0\Citrix.CloudServices.AgentFoundation.Common.pdb source: Citrix.CloudServices.AgentFoundation.Common.dll.4.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging/Release/net462/Microsoft.Extensions.Logging.pdbSHA256kYf source: Microsoft.Extensions.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\logging\cdf_sharp\win\anycpu-release__\obj\release\net472\Citrix.Diagnostics.Tracing.pdb~ source: BrokerService.exe, 0000001D.00000002.1915055457.00000194AB472000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\ProxyCommon\anycpu-release__\obj\release\net472\ProxyCommon.pdb source: BrokerService.exe, 0000001D.00000002.1917667880.00000194ABA92000.00000002.00000001.01000000.00000033.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\BrokerComponentCommon\anycpu-release__\obj\release\net472\BrokerComponentCommon.pdb source: BrokerService.exe, 0000001D.00000002.1917029887.00000194AB6F2000.00000002.00000001.01000000.0000002F.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net462/Microsoft.Extensions.Logging.Abstractions.pdb source: BrokerService.exe, 0000001D.00000002.1914867354.00000194AB442000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\HostingManagement\HostingManagementComponent\anycpu-release__\obj\release\net472\HostingManagementComponent.pdb source: BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary.HostView\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.HostView.pdb source: Citrix.HypervisorCommunicationsLibrary.HostView.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaUtils\anycpu-release__\obj\release\net472\FmaUtils.pdb source: BrokerService.exe, 0000001D.00000002.1909451331.00000194911C2000.00000002.00000001.01000000.00000009.sdmp, FMAUtils.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Cloud\XAXDProxy\Components\UrlAclSupport\anycpu-release__\obj\release\net472\UrlAclSupport.pdb source: BrokerService.exe, 0000001D.00000002.1916166886.00000194AB642000.00000002.00000001.01000000.00000027.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\authentication\interfaces\anycpu-release__\obj\release\net472\Citrix.Xaxd.Authentication.Interfaces.pdb source: BrokerService.exe, 0000001D.00000002.1915326873.00000194AB4E2000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaInterServiceClients\Runtime\FmaInterServiceManager.Models\anycpu-release__\obj\release\netstandard2.0\FmaInterServiceManager.Models.pdb"Y<Y .Y_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1915395701.00000194AB4F2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.Settings\anycpu-release__\obj\release\net472\FmaServiceCommon.Settings.pdb source: BrokerService.exe, 0000001D.00000002.1914580532.00000194AB402000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HCL.DistributedTracing\anycpu-release__\obj\release\net472\Citrix.HCL.DistributedTracing.pdbXCrC dC_CorDllMainmscoree.dll source: Citrix.HCL.DistributedTracing.dll0.4.dr
        Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: System.Numerics.Vectors.dll0.4.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net462/System.Configuration.ConfigurationManager.pdbSHA256 source: BrokerService.exe, 0000001D.00000002.1913217539.00000194AB3A2000.00000002.00000001.01000000.00000015.sdmp, System.Configuration.ConfigurationManager.dll0.4.dr, System.Configuration.ConfigurationManager.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\VirtualSites\anycpu-release__\obj\release\net472\VirtualSites.pdb: source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\XmsRuntime\anycpu-release__\obj\release\net472\XmsRuntime.pdb source: BrokerService.exe, 0000001D.00000002.1916960617.00000194AB6E2000.00000002.00000001.01000000.0000002E.sdmp
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.DiagnosticSource/Release/net462/System.Diagnostics.DiagnosticSource.pdb source: BrokerService.exe, 0000001D.00000002.1915939180.00000194AB572000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: Microsoft.Bcl.AsyncInterfaces.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\utils\date_time\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Utils.DateTime.pdb source: BrokerService.exe, 0000001F.00000002.2553129762.0000025450BE2000.00000002.00000001.01000000.00000039.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\CtxSta\anycpu-release__\obj\release\net472\CtxSta.pdb source: BrokerService.exe, 0000001D.00000002.1916882745.00000194AB6D2000.00000002.00000001.01000000.0000002D.sdmp, CtxSta.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaServiceCommon\Runtime\FmaServiceCommon.VirtualSiteManager\anycpu-release__\obj\release\net472\FmaServiceCommon.VirtualSiteManager.pdb< source: BrokerService.exe, 0000001F.00000002.2554213094.00000254515C2000.00000002.00000001.01000000.00000041.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\TicketStore\TicketStore\anycpu-release__\obj\release\net472\TicketStore.pdb source: BrokerService.exe, 0000001F.00000002.2553679495.0000025450D62000.00000002.00000001.01000000.0000003D.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\hostname\interfaces\anycpu-release__\obj\release\netstandard2.0\Citrix.Xaxd.Hostname.Interfaces.pdb source: Citrix.Xaxd.Hostname.Interfaces.dll.4.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Rest.ClientRuntime\Release\net461\Microsoft.Rest.ClientRuntime.pdb source: Microsoft.Rest.ClientRuntime.dll.4.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net462/System.Configuration.ConfigurationManager.pdb source: BrokerService.exe, 0000001D.00000002.1913217539.00000194AB3A2000.00000002.00000001.01000000.00000015.sdmp, System.Configuration.ConfigurationManager.dll0.4.dr, System.Configuration.ConfigurationManager.dll.4.dr
        Source: Binary string: C:\Jenkins\workspace\CitrixCloud\Build\Src\AgentFoundation\Common\obj\Release\netstandard2.0\Citrix.CloudServices.AgentFoundation.Common.pdbI source: Citrix.CloudServices.AgentFoundation.Common.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\distributed_tracing\core\anycpu-release__\obj\release\net472\Citrix.Xaxd.DistributedTracing.pdb source: BrokerService.exe, 0000001D.00000002.1915459492.00000194AB502000.00000002.00000001.01000000.00000022.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaCommandLine\anycpu-release__\obj\release\netstandard2.0\FmaCommandLine.pdb source: BrokerService.exe, 0000001D.00000002.1915842117.00000194AB562000.00000002.00000001.01000000.00000025.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaCommandLine\anycpu-release__\obj\release\netstandard2.0\FmaCommandLine.pdbv\ source: BrokerService.exe, 0000001D.00000002.1915842117.00000194AB562000.00000002.00000001.01000000.00000025.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Broker\BrokerComponentCommon\anycpu-release__\obj\release\net472\BrokerComponentCommon.pdbp source: BrokerService.exe, 0000001D.00000002.1917029887.00000194AB6F2000.00000002.00000001.01000000.0000002F.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging/Release/net462/Microsoft.Extensions.Logging.pdb source: Microsoft.Extensions.Logging.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\XmlServices\Wpnbr\anycpu-release__\obj\release\net472\Wpnbr.pdb source: BrokerService.exe, 0000001D.00000002.1917130914.00000194AB772000.00000002.00000001.01000000.00000030.sdmp
        Source: Binary string: X:\src\HelperPackages\Bootstrap\Bootstrap_CA\wh32\retail\vc80\static\bootstrap_ca.pdb source: MSIDD31.tmp.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\EventLog\anycpu-release__\obj\release\net472\EventLog.pdb source: BrokerService.exe, 0000001D.00000002.1917745850.00000194ABAD2000.00000002.00000001.01000000.00000034.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaDal\Runtime\SiteServices\FmaSiteServices\anycpu-release__\obj\release\netstandard2.0\FmaSiteServices.pdb source: BrokerService.exe, 0000001F.00000002.2554068226.0000025450DF2000.00000002.00000001.01000000.00000040.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\libs\csharp\distributed_tracing\core\anycpu-release__\obj\release\net472\Citrix.Xaxd.DistributedTracing.pdb} source: BrokerService.exe, 0000001D.00000002.1915459492.00000194AB502000.00000002.00000001.01000000.00000022.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaLogging\anycpu-release__\obj\release\net472\FmaLogging.pdb: source: BrokerService.exe, 0000001D.00000002.1911974174.00000194AB232000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdbSHA256 source: BrokerService.exe, 0000001D.00000002.1912963441.00000194AB382000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.Registry.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Citrix.HypervisorCommunicationsLibrary.Wcf\anycpu-release__\obj\release\net472\Citrix.HypervisorCommunicationsLibrary.Wcf.pdb source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Controller\ControllerService\x64-release__\obj\x64\release\net472\BrokerService.pdb source: BrokerService.exe, 0000001D.00000000.1835935201.0000019490E52000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaDependencyInjection\anycpu-release__\obj\release\netstandard2.0\FmaDependencyInjection.pdb source: BrokerService.exe, 0000001D.00000002.1915775374.00000194AB542000.00000002.00000001.01000000.00000024.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaDal\Runtime\SiteServices\FmaSiteServices\anycpu-release__\obj\release\netstandard2.0\FmaSiteServices.pdb' source: BrokerService.exe, 0000001F.00000002.2554068226.0000025450DF2000.00000002.00000001.01000000.00000040.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\FmaServiceSdk\FmaUtilities\Runtime\FmaTransactionScope\anycpu-release__\obj\release\netstandard2.0\FmaTransactionScope.pdb(/B/ 4/_CorDllMainmscoree.dll source: BrokerService.exe, 0000001D.00000002.1913930609.00000194AB3E2000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Shared\Settings\anycpu-release__\obj\release\net472\Settings.pdb source: BrokerService.exe, 0000001F.00000002.2553217176.0000025450C32000.00000002.00000001.01000000.0000003A.sdmp, Settings.dll.4.dr
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Brokering\Broker\Components\Controller\ComponentInterface\anycpu-release__\obj\release\net472\ComponentInterface.pdb source: BrokerService.exe, 0000001D.00000002.1909653018.0000019491202000.00000002.00000001.01000000.0000000C.sdmp
        Source: Binary string: C:\tc\work\9fabd0850cbc8cb6\buck-out\gen-obj\Provisioning\Libraries\HCL\Plugins\HypervisorsCommon\anycpu-release__\obj\release\net472\HypervisorsCommon.pdb source: HypervisorsCommon.dll0.4.dr
        Source: SCVMM.dll.4.drStatic PE information: 0xD15B71CF [Mon Apr 21 03:17:35 2081 UTC]
        Source: MSI99A3.tmp.0.drStatic PE information: section name: _RDATA
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FMAUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Unity.Container.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Grpc.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Contracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\es\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\FmaConfigLoggingClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\tr\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\IControllerDAL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\GpAnalyzer.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Drawing.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\NLog.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\GpAnalyzer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID0F6.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\ja\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Net.Http.WinHttpHandler.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Settings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\GpDocument.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSchemaProbeDal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\LhcUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.SqlScriptPublish.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\LicPolEng.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\GpfxSettings.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceStatus.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\CredentialSecurity64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC5C3.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Polly.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\RemoteHCLCLient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ProxyCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaServiceStatus.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Text.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\protobuf-net.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ADIdentityInterService.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Ism.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\SdkAttributes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Aws.Batcher.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Assessment.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC535.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\FmaCommonEnvTests.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\iobfuncdll.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Security.Cryptography.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Broker.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.WmiEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Utilities.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\zh-CN\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.DelegatedAdmin.Rest.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Text.Encoding.CodePages.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasEventHubClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\ConfigLoggingSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Identity.Client.Extensions.Msal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ICwcSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI9878.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.Core.Api.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\SCVMM.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Smo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceLocator.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\GpAnalyzer.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Interop.GPMGMTLib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ComponentInterface.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ILeasingControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Net.Http.Formatting.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.HashCode.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\ConfigLoggingSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Security.Cryptography.ProtectedData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasConfigClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SmoExtended.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\IEdgeProxySupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCore.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\es\FmaCommonEnvTests.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Rest.ClientRuntime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSchemaTools.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryption.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Google.Protobuf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Security.Permissions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\GpContracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Microsoft.WindowsAzure.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\amd64\libccauth.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Assessment.Types.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlWmiManagement.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\NLog.ManualFlush.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\GpDocument.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DelegatedAdminInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Diagnostics.Tracing.EventSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaFeature.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.ApplicationInsights.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlClrProvider.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Collector.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\IBrokerDAL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.EventLog.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ValueTuple.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\DnsIpSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Dmf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\GpDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.VisualStudio.Threading.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\IDnsIpSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.ObjectPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\IBrokerDALInternal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.ServiceBrokerEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.arm64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.ConnectionInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Features.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Microsoft.Extensions.ObjectPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\de\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\SchemaFeatures.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Settings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceRegistration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\SchemaFeature.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaWcf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\de\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\64\ccauthcpp_dynamic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\RebootSchedules.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\pl\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Uri.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\ja\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Unity.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICEEF.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Options.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSiteServicesSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\GpfxSettings.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID34D.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\CtxSta.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Security.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaTransactionScope.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.Core.Api.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.RegSvrEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventDbScopedEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaFiltering.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\GpfxSettings.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\NewRelic.Api.Agent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\DelegatedAdminSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\pl\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Serilog.Sinks.File.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Serilog.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\SDKUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC641.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.WindowsAzure.Storage.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.IdentityModel.Tokens.Jwt.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.Shared.Adapters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachinePluginFinder.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Tools.Sql.BatchParser.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.RegisteredServers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.CodeDom.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD31.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EBS.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaIdentity.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Protocols.OpenIdConnect.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ConfigLoggingSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Monitoring.ApplicationInsights.Shared.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\es\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.NgsTunnel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventDbScoped.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ComponentInterface.Constants.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\CookComputing.XmlRpcV2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\tr\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\CtxAdmin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x86.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID31E.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.JsonWebTokens.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Google.Api.CommonProtos.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.SystemWebAdapters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\FmaConfigLoggingClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Grpc.Core.Api.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Edm.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\GpAnalyzer.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Threading.Channels.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.KeySharing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Data.SqlClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.MachineCreationAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ActiveDirectory.SiteManagement.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\OpenIddict.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.Core.Api.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\i386\libccauth.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\es\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Api.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.NetTcp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID28F.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Threading.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Redis.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.Xaxd.Utils.Strings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Features.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.ObjectPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\ConfigLoggingSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEvent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Duplex.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\StackExchange.Redis.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryptionManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ISdkLogic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Polly.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.OData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Host.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.HadrData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\es\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.ManagedMachineAPI.HostSideAdapter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Licensing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSqlScriptBuilder.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Avro.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Identity.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID1E1.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSqlUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSPlugin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\StandardSocketsHttpHandler.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Grpc.Net.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.TlsCertificateVerification.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ControllerInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.PolicyEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\IControllerDALInternal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.DependencyInjection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Strings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteProvider.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Tokens.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Text.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Authentication.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.WebKey.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ISecondaryBrokerControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.IO.FileSystem.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Sdk.Sfc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\32\ccauthcpp_dynamic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ComponentModel.Annotations.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaSiteServices.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\zh-CN\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EC2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigLogging.Wcf.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB14.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.PerformanceCounter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.HadrModel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICF8D.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2EE.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Windows.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaFilteringSdkSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipelines.Sockets.Unofficial.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\GpfxSettings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\CloudCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.HostView.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Memory.Data.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Interop.NetFwTypeLib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Web.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.CollectorEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Exporter.OpenTelemetryProtocol.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.ManagedMachineAPI.AddInSideAdapter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID211.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.ServiceBus.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.DelegatedAdmin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigurationLogging.Rest.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Monitor.BrokerCodes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.Cab.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaProductInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x86.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI99A3.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\OperationalEvents.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\es\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaRegistry.Interface.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaLogging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaLogging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Clients.ActiveDirectory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFCC.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\PluginUtilities.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Services.AppAuthentication.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\CustomProvisioningCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.TlsCertificateVerification.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\fr\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Blob.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ProxyFmaSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaPlugin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.VisualStudio.Validation.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.WindowsAzure.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Assessment.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Rest.ClientRuntime.Azure.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Smo.Notebook.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Protocols.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.Binder.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Trust.Library.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.IO.Pipelines.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Interface.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.SqlParser.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Spatial.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\TicketStore.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ControllerDAL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.Core.Api.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\NetLicWrapper.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Grpc.Net.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\RestSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceControlInterface.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\CtxMcp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Utilities.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Security.CCAuth.Managed.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\GpXmlSchema.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\GpDocument.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB82.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\RestSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Api.ProviderBuilderExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\FmaCommonEnvTests.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceDiscovery.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.HCL.Shared.Adapters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\OpenTelemetry.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.ValueTuple.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.HostView.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\PluginUtilities.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaIdentity.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\StandardSocketsHttpHandler.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\StackExchange.Redis.StrongName.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaRegistry.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.ServiceProcess.ServiceController.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Security.Principal.Windows.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Dmf.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.StrongName.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\es\ConfigLoggingSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\RemoteHCLClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\StandardSocketsHttpHandler.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\fr\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\RegistryCounters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\protobuf-net.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Configuration.Rest.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\SdkDalAttributes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Services.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\fr\FmaConfigLoggingClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.IconConverter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Trust.Api.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Newtonsoft.Json.CH.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI9983.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\IBrokerAdminQuery.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceHosting.WindowsServiceHostingApi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\de\FmaCommonEnvTests.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\SdkInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.Interface.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.Utilities.Sids.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Citrix\Broker\Service\DocumentFormat.OpenXml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID211.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFCC.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC641.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB14.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICF8D.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2EE.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID0F6.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC5C3.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC535.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICEEF.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID28F.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID1E1.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID31E.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD31.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB82.tmpJump to dropped file
        Source: C:\Windows\SysWOW64\msiexec.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Citrix XML Service\PerformanceJump to behavior
        Source: C:\Windows\System32\svchost.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\ConfigJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe" sidtype CitrixBrokerService unrestricted
        Source: C:\Windows\SysWOW64\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7613BA1FFF7E3EEF6E1BD42237A9A3D68FC2EE7E BlobJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        barindex
        Query firmware table information (likely to detect VMs)
        Source: C:\Windows\System32\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeMemory allocated: 194911A0000 memory reserve | memory write watch
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeMemory allocated: 194AAA60000 memory reserve | memory write watch
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeMemory allocated: 25004750000 memory reserve | memory write watch
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeMemory allocated: 25444A20000 memory reserve | memory write watch
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeMemory allocated: 2B30D930000 memory reserve | memory write watch
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeMemory allocated: 2B327270000 memory reserve | memory write watch
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeMemory allocated: 1A1F8310000 memory reserve | memory write watch
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeMemory allocated: 1A1F9C50000 memory reserve | memory write watch
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeMemory allocated: 21FD5900000 memory reserve | memory write watch
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeMemory allocated: 21FEF320000 memory reserve | memory write watch
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Microsoft.Extensions.ObjectPool.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\RestSharp.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\HypervisorsCommon.dll
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Windows\WinSxS\FileMaps\program_files_common_files_citrix_hclplugins_hypervisor_v2.73.0.0_vmware_fr_9475cb40c2be071a.cdf-msJump to behavior
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.DistributedTracing.dll
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\de\Jump to behavior
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.NgsTunnel.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\DiscUtils.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VimService.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dll
        Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VirtualCenter.Interfaces.dll
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Windows\WinSxS\FileMaps\program_files_common_files_citrix_hclplugins_hypervisor_v2.73.0.0_vmware_es_9475cb66c2be06c0.cdf-msJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\ja\Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Windows\WinSxS\FileMaps\program_files_common_files_citrix_hclplugins_hypervisor_v2.73.0.0_vmware_faedd1614d3ab39e.cdf-msJump to behavior
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.TlsCertificateVerification.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VirtualCenter.Operations.dll
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\fr\Jump to behavior
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VirtualCenter.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Newtonsoft.Json.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaUtils.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.Authentication.Models.dll
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\StandardSocketsHttpHandler.dll
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Windows\WinSxS\FileMaps\program_files_common_files_citrix_hclplugins_hypervisor_v2.73.0.0_vmware_zh-cn_f2c0c926ac359074.cdf-msJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\zh-CN\Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Windows\WinSxS\FileMaps\program_files_common_files_citrix_hclplugins_hypervisor_v2.73.0.0_vmware_de_9475cb6ec2be06ed.cdf-msJump to behavior
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VimService.XmlSerializers.dll
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Windows\WinSxS\FileMaps\program_files_common_files_citrix_hclplugins_hypervisor_v2.73.0.0_vmware_ja_9475ca8ec2be08f7.cdf-msJump to behavior
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaEnv.dll
        Source: C:\Windows\System32\msiexec.exeFile opened / queried: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\es\Jump to behavior
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 7200000
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 7199888
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 7200000
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeWindow / User API: threadDelayed 379
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeWindow / User API: threadDelayed 4214
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeWindow / User API: threadDelayed 5625
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeWindow / User API: threadDelayed 424
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FMAUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.VirtualSiteRegistry.Rest.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerAdminQuery.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Unity.Container.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Grpc.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Contracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Dynamic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerFiltering.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\es\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\FmaConfigLoggingClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\tr\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\IControllerDAL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\GpAnalyzer.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Tc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Drawing.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\NLog.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\GpAnalyzer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID0F6.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\ja\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Net.Http.WinHttpHandler.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.AspNet.CitrixCloud.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Settings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ko\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\GpDocument.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSchemaProbeDal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\LhcUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.SqlScriptPublish.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\GpfxSettings.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\LicPolEng.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceStatus.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BouncyCastle.Cryptography.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\CredentialSecurity64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerDAL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\FmaConfigLoggingClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Polly.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC5C3.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\RemoteHCLCLient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaServiceStatus.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ProxyCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Text.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\protobuf-net.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ADIdentityInterService.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\SdkAttributes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Ism.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Aws.Batcher.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Assessment.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\FmaCommonEnvTests.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC535.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\iobfuncdll.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.WebSocket.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Security.Cryptography.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Broker.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.WmiEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Utilities.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\zh-CN\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.DelegatedAdmin.Rest.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaEnvTestInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Text.Encoding.CodePages.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasEventHubClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerSDKLogic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Posh.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\ConfigLoggingSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Identity.Client.Extensions.Msal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ICwcSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Client.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9878.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.Core.Api.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Networking.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\SCVMM.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.Authentication.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Smo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceLocator.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\GpAnalyzer.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerSDKDefinition.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ComponentInterface.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Interop.GPMGMTLib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaEnv.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaEnv.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ILeasingControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Net.Http.Formatting.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Azure.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.HashCode.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\ConfigLoggingSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HypervisorCommunicationsLibrary.AddInSideAdapter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Security.Cryptography.ProtectedData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasConfigClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerComponent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SmoExtended.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.HypervisorCommunicationsLibrary.HostSideAdapter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\IEdgeProxySupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Castle.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cdf.Net.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCore.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\it\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\FmaCommonEnvTests.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Rest.ClientRuntime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSchemaTools.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryption.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Google.Protobuf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Security.Permissions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaDalRuntime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\GpContracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaDependencyInjection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Microsoft.WindowsAzure.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\amd64\libccauth.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.ADIdentity.DataModel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\HostingManagementComponent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ko\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Assessment.Types.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.CasDispatcher.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlWmiManagement.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\NLog.ManualFlush.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\GpDocument.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Wcf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Serialization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DelegatedAdminInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Logging.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingShared.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Diagnostics.Tracing.EventSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaFeature.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.ApplicationInsights.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlClrProvider.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Broker.CasCommandQueuePayload.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Collector.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Diagnostics.Tracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\IBrokerDAL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.EventLog.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.ValueTuple.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.EnumCache.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Grpc.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\DnsIpSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Dmf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\GpDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.VisualStudio.Threading.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClientInterService.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Exporter.Cas.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\IDnsIpSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ru\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.ObjectPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\IBrokerDALInternal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.arm64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.ServiceBrokerEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.ConnectionInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Features.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Microsoft.Extensions.ObjectPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\de\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\SchemaFeatures.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceRegistration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Settings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\SchemaFeature.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\de\SCVMM.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaWcf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\64\ccauthcpp_dynamic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\RebootSchedules.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Uri.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\pl\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\ja\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Unity.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICEEF.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Options.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSiteServicesSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\GpfxSettings.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID34D.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\CtxSta.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Security.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaTransactionScope.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.Core.Api.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.S3.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Rest.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.RegSvrEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventDbScopedEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\GpfxSettings.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaFiltering.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\NewRelic.Api.Agent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaEventLog.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\DelegatedAdminSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\pl\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Serilog.Sinks.File.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Serilog.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\SDKUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC641.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.WindowsAzure.Storage.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.IdentityModel.Tokens.Jwt.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.Shared.Adapters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\System.Spatial.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachinePluginFinder.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaDalAttributes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Tools.Sql.BatchParser.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.EnumCache.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaCommonEnvTests.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIDD31.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.CodeDom.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EBS.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.RegisteredServers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Protocols.OpenIdConnect.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaIdentity.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ConfigLoggingSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Monitoring.ApplicationInsights.Shared.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.NgsTunnel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventDbScoped.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ComponentInterface.Constants.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\CookComputing.XmlRpcV2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaAbstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\tr\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\CtxAdmin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x86.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Castle.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.SecurityToken.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID31E.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.JsonWebTokens.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Google.Api.CommonProtos.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Threading.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.SystemWebAdapters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Grpc.Core.Api.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\FmaConfigLoggingClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Edm.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\CbpConstants.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\GpAnalyzer.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Threading.Channels.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.KeySharing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Data.SqlClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.MachineCreationAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ActiveDirectory.SiteManagement.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\OpenIddict.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.Core.Api.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\i386\libccauth.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Citrix.IconConverter.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaDalExceptions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Api.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.NetTcp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID28F.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Threading.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Redis.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.Xaxd.Utils.Strings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.ObjectPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Features.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Tenancy.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\ConfigLoggingSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerServiceSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEvent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Duplex.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\StackExchange.Redis.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSecretEncryptionManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ISdkLogic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Polly.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\it\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.OData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Host.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Signer.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.HadrData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\es\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.ManagedMachineAPI.HostSideAdapter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Licensing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSqlScriptBuilder.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Avro.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Identity.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\CbpControllerSdk.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID1E1.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSqlUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSPlugin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.SqlServer.Management.SqlParser.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.IdentityManagement.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\StandardSocketsHttpHandler.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.HCL.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\CdeEvents.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Grpc.Net.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\HighAvailabilityServiceEventLogResources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.TlsCertificateVerification.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ControllerInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.PolicyEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\IControllerDALInternal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.DependencyInjection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerCdeLibrary.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Strings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.Services.Client.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\HypervisorsCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\EventLogCodeGenHelper.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteProvider.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Tokens.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Azure.Identity.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Reflection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Text.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.SqlClient.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Retry.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Authentication.Models.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.WebKey.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ISecondaryBrokerControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerEnvTests.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.IO.FileSystem.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\32\ccauthcpp_dynamic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaCommandLine.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerComponentCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.ComponentModel.Annotations.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaSiteServices.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EC2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\zh-CN\CloudCommon.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigLogging.Wcf.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\BrokerServiceSupport.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.HadrModel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.PerformanceCounter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICF8D.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICB14.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID2EE.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.OData.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Windows.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Edm.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaFilteringSdkSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\BrokerServiceEventLogResources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipelines.Sockets.Unofficial.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\GpfxSettings.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\CloudCommon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.HostView.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Memory.Data.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\System.Web.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Interop.NetFwTypeLib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.CollectorEnum.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Exporter.OpenTelemetryProtocol.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Retry.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\fr\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.ManagedMachineAPI.AddInSideAdapter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID211.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.ServiceBus.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.DelegatedAdmin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Core.Api.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Utilities.AssemblyResolver.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Interfaces.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.ConfigurationLogging.Rest.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Monitor.BrokerCodes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\ru\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.Cab.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\GpAnalyzer.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaProductInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\DiscUtils.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x86.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.VisualStudio.Validation.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI99A3.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\OperationalEvents.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\es\Citrix.Base.resources.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaRegistry.Interface.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Common.Headers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaLogging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\FmaLogging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Clients.ActiveDirectory.dllJump to dropped file
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 5832Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 5832Thread sleep time: -7200000s >= -30000s
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 6196Thread sleep count: 379 > 30
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 6196Thread sleep count: 97 > 30
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 5832Thread sleep time: -7199888s >= -30000s
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 2380Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 2436Thread sleep count: 34 > 30
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 2436Thread sleep time: -31359464925306218s >= -30000s
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 2436Thread sleep time: -7200000s >= -30000s
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 7132Thread sleep count: 4214 > 30
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exe TID: 2044Thread sleep count: 5625 > 30
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe TID: 2468Thread sleep time: -3689348814741908s >= -30000s
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe TID: 2468Thread sleep time: -100000s >= -30000s
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe TID: 6240Thread sleep count: 424 > 30
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe TID: 6240Thread sleep count: 199 > 30
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe TID: 6924Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe TID: 6936Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe TID: 4704Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 7200000
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 7199888
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeThread delayed: delay time: 7200000
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeThread delayed: delay time: 922337203685477
        Source: DiscUtils.dll4.4.drBinary or memory string: EFI%VMware File System
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.dll.4.dr, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: VirtualMachineState
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ActionEurn:ps/IHypervisorCallbacks/ValidateVirtualMachineConfigurationUpdateT
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: Actionmurn:ps/IHypervisorCommunicationsLibraryInterface/GetVmNetworkInterfaceDetailsRemoteHclCommunicationFaultFaultT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: `C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\BlankVhdTemplate.vhd
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CallerMemberNameAttributeTargetFrameworkAttributeAssemblyDelaySignAttributeAssemblyFileVersionAttributeAssemblyInformationalVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttributeInternalsVisibleToAttributeServiceBehaviorAttributeRefSafetyRulesAttributeCompilationRelaxationsAttributeAssemblyProductAttributeAssemblyCopyrightAttributeCLSCompliantAttributeAssemblyCompanyAttributeRuntimeCompatibilityAttributeByteget_Valueset_ValuemetadataValueGetValuenewValueset_KeepAliveAddCustomFieldDefPrivilegePolicyDefserviceRefovfRefresourcePoolRefvmRefmachineFolderReffolderRefsessionManagerRefcustomFieldsManagerRefhostRefLogOffSystem.ThreadingMicrosoft.Extensions.LoggingSystem.Runtime.VersioningToBase64StringEscapeDataStringSecureStringToStringPluginLogTraceMsgStopwatchFlushget_VhdTemplatePathimageDiskPathvmwareFolderPathdatacenterPathpathget_LengthGetFileLengthfileLengthset_ContentLengthVimApiget_AbsoluteUriproxyUriset_ServerCertificateCustomValidationCallbackget_SectorsPerTracklogonLockDiscUtils.VmdkSeekToSplunkSuspendVM_TaskCloneVM_TaskRelocateVM_TaskCreateVM_TaskPowerOffVM_TaskReconfigVM_TaskPowerOnVM_TaskResetVM_TaskDeleteDatastoreFile_TaskMoveDatastoreFile_TaskRename_TaskSearchDatastore_TaskCheckRelocate_TaskCreateVirtualDisk_TaskDeleteVirtualDisk_TaskCopyVirtualDisk_TaskRemoveAllSnapshots_TaskCreateSnapshot_TaskRevertToSnapshot_TaskDestroy_TaskReadDiskUploadDiskisStreamingDiskIVirtualDiskFromVirtualDiskPopulateNewDiskop_GreaterThanOrEqualSystem.ServiceModelSystem.ComponentModelCitrix.Xaxd.NgsTunnelLogLevelCallVirtualCenter.Operations.dllHttpWebClientProtocolget_Urlset_UrlvimServiceUrlserviceUrlbaseUrlGetDatastoreFileAccessUrlGetDatastoreFolderAccessUrlGetResponseStreamSparseStreamdiskStreamFromStreamOpenStreamGetRequestStreamSparseMemoryStreamget_ItemDiscFileSystemInMemoryFileSystemloggedOnLogOnsuppressPowerOnBooleanTimeSpanX509ChainchainCreateDomainTestHypCertificateInNewAppDomainget_CurrentDomainSeekOriginLoginget_RevisionGetVmwareVersionvmwareVersioncurrentStateVersionget_apiVersionversionUserSessionsessionDiskImageFileSpecificationCitrix.HCL.TlsCertificateVerificationSystem.Security.AuthenticationNGSLocationCheckStorageLocationget_SetupInformationSystem.Globalizationset_LoaderOptimizationactionSystem.ReflectionfunctionIFileDiskDefinitiondiskDefinitionset_Positionget_IsFatFilePartitionSearchOptionsearchOptionIOExceptionWebExceptionNotImplementedExceptionFileNotFoundExceptionManagedMachineGeneralExceptionArgumentNullExceptionVCenterSslCertificateAuthenticationExceptionInvalidOperationExceptionNotAuthorizedForOperationExceptionget_InnerExceptionVCenterMisconfiguredEndpointsExceptionArgumentExceptionsnapshotDescriptionHypervisorsCommonsearchPatternCultureInfoStoreCertificateInfoFileSystemInfoAboutInfoDirectoryInfoCreateInstanceAndUnwrapcdpOwnershipStopSystem.Net.HttpAppDomainSetupSystem.LinqILogProviderIFormatProviderDiskImageBuilderStringBuilderDiskBuilderdatastoreAccessUrlBuilderdestinationFoldertargetFoldersenderget_HeadsPerCylinder
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dll`
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
        Source: BrokerService.exe, 0000001F.00000002.2556016980.00000254519F2000.00000002.00000001.01000000.00000049.sdmpBinary or memory string: W.VMToolsStateT
        Source: BrokerService.exe, 0000001D.00000002.1909653018.0000019491202000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: <MissingVirtualMachineReportingEnabled>k__BackingField
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ZC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VimService.dllCitr@{3
        Source: Broker_Service_x64.msiBinary or memory string: DiscUtilsVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268Hp
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: eC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.NgsTunnel.dll
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ActionMurn:ps/IHypervisorCommunicationsLibraryInterface/GetVmNetworkInterfaceDetailsT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetVmwareVersion
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #VMware\VirtualCenter.Operations.dll
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ConvertArrayUsingCreateVmNetworkInterfaceDetailsConverter
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware\VimService.dll
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: <14>__CreateVmNetworkInterfaceDetails
        Source: BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: ERROR: CheckResetVirtualMachineOperations returned unknown operationId: {0}[QueryMcsForCompletedResetActions: Failed: {0}yStartPendingPowerActions: Invalid credentials, no work to dokStartPendingPowerActions: MaxActions=0, no work to doQStartPendingPowerActions: MaxActions={0}wStartPendingPowerActions: No pending actions, no work to do/StartPendingPowerAction
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: VirtualMachineStateResult
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: Action[urn:ps/IHypervisorCallbacks/ValidateVirtualMachineConfigurationUpdateRemotePluginFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionEhttp://tempuri.org/IMachineCreationApi/PollVirtualMachineCapabilitiesT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: uC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.TlsCertificateVerification.dll
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VirtualCenter.Interfaces.dll
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, Citrix.HypervisorCommunicationsLibrary.dll.4.dr, Citrix.HypervisorCommunicationsLibrary.HostView.dll.4.drBinary or memory string: get_VirtualMachineId
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #VMware\VirtualCenter.Interfaces.dll
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: VmwareCloudOnAwsEnabled
        Source: BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: McsResetVMqMcsResetVM: proxy.StartResetVirtualMachine performed {0}
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: UCitrix.InterServiceApiSpecifications.MachineCreationService.VirtualMachineStateResultX
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionGhttp://tempuri.org/IMachineCreationApi/StartResetVirtualMachineResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <GetProvisionedVirtualMachineBySid>b__0
        Source: Broker_Service_x64.msiBinary or memory string: BlankDiskVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: Citrix.HypervisorCommunicationsLibrary.HostView.dll.4.drBinary or memory string: <VirtualMachineId>k__BackingField
        Source: BrokerService.exe, 0000001F.00000002.2556016980.00000254519F2000.00000002.00000001.01000000.00000049.sdmpBinary or memory string: VirtualMachineNotFound
        Source: BrokerService.exe, 0000001F.00000002.2556016980.00000254519F2000.00000002.00000001.01000000.00000049.sdmpBinary or memory string: <VMToolsState>k__BackingField
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <CheckResetVirtualMachineOperations>b__0
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionNhttp://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerActionsResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: TerminateTask)UpdateProvVmHostVmId=PollVirtualMachineCapabilitiesMGetMaximumMachineCapabilitiesQuerySize
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionNhttp://tempuri.org/IMachineCreationApi/BeginVirtualMachineStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ZCitrix.InterServiceApiSpecifications.MachineCreationService.VirtualMachinePowerStateResult
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: VirtualMachineStateResultT
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ActionNurn:ps/IHypervisorCallbacks/GetVmNetworkInterfaceDetailsRemotePluginFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: WindowsActivationTypeProvisionedVirtualMachineField
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionIhttp://tempuri.org/IMachineCreationApi/CheckResetVirtualMachineOperationsT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: UCitrix.InterServiceApiSpecifications.MachineCreationService.VirtualMachineStateResult
        Source: BrokerService.exe, 0000001F.00000002.2553794425.0000025450D72000.00000002.00000001.01000000.0000003E.sdmpBinary or memory string: VirtualMachineType
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\*
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, Citrix.HypervisorCommunicationsLibrary.dll.4.drBinary or memory string: UnknownVirtualMachine
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: StartVirtualMachinePowerActions
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ProvisionedVirtualMachineT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionEhttp://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionT
        Source: svchost.exe, 00000006.00000002.2538604510.0000016D5DC2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.NgsTunnel.dll
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: Actionzurn:ps/IHypervisorCommunicationsLibraryInterface/ValidateVirtualMachineConfigurationUpdateRemoteHclCommunicationFaultFaultT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: oC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Microsoft.Extensions.ObjectPool.dll
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: VmwarePluginBrowseVmFolder
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: get_WindowsActivationTypeProvisionedVirtualMachine
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: InterService3GetProvisioningSchemeByIdCGetProvisionedVirtualMachineBySid1StartResetVirtualMachine-CheckResetVmOperationsECheckResetVirtualMachineOperations=StartVirtualMachinePowerAction?StartVirtualMachinePowerActions?CheckVirtualMachinePowerActionsIBeginVirtualMachinePowerStateChangesICheckVirtualMachinePowerStateChanges?BeginVirtualMachineStateChanges?CheckVirtualMachineStateChanges;PollVirtualMachinePowerStates;GetMaximumPowerStateQuerySize
        Source: BrokerService.exe, 0000001F.00000002.2556016980.00000254519F2000.00000002.00000001.01000000.00000049.sdmpBinary or memory string: set_VMToolsState
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ]C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VirtualCenter.dll
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\RestSharp.dllRq"
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V PowerShell Direct Service
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionFhttp://tempuri.org/IMachineCreationApi/CheckVirtualMachineStateChangesT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.Authentication.Models.dll
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: _C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Newtonsoft.Json.dll
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: numberOfVMs#virtualMachineUid!storageLocations-primaryStorageLocation3secondaryStorageLocations9allSecondaryStorageLocations
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: mC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\PvsVmTemplateForPreparationVM.vhd
        Source: Broker_Service_x64.msiBinary or memory string: HCLTlsCertificateVerificationVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268"!
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: jC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\StandardSocketsHttpHandler.dll
        Source: Broker_Service_x64.msiBinary or memory string: TemplateDiskForPreparationVMVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268&`
        Source: BrokerAdminService.dll.4.drBinary or memory string: VMToolsState
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <PollVirtualMachineCapabilities>b__0
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <StartVirtualMachinePowerAction>b__0
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionNhttp://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionsResponse
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ReplyActionburn:ps/IHypervisorCommunicationsLibraryInterface/ValidateVirtualMachineConfigurationUpdateResponse
        Source: Broker_Service_x64.msiBinary or memory string: HypervisorsCommonVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: Broker_Service_x64.msiBinary or memory string: DiscUtilsVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VirtualCenter.Operations.dll21
        Source: svchost.exe, 00000006.00000002.2539358038.0000016D5DC8C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: VmNetworkInterfaceIpAddressAdapter
        Source: DiscUtils.dll4.4.drBinary or memory string: VirtualMachineBuilder
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VimService.dll_q-
        Source: upgrade_site_7.21.0.0-7.22.0.0.xdu.4.drBinary or memory string: WxbJVeXVMxCb0ayFcvmqyKhgFsZkNqbzbyTXhzSSzGLv1BvIGhaVJjAEQPOP5qYZN4vfgP7ipDE9
        Source: Citrix.HypervisorCommunicationsLibrary.dll.4.drBinary or memory string: VmwarePluginFactoryName
        Source: Broker_Service_x64.msiBinary or memory string: SUx RestSharpVMware.C98D514E_DF5A_4FD6_9A45_A29017538268xC
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionMhttp://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionResponse
        Source: BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
        Source: Broker_Service_x64.msiBinary or memory string: NewtonsoftJsonVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: CreateVmNetworkInterfaceIpAddress
        Source: Broker_Service_x64.msiBinary or memory string: FmaLoggingVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268H~H
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionKhttp://tempuri.org/IMachineCreationApi/BeginVirtualMachinePowerStateChangesT
        Source: BrokerService.exe, 0000001D.00000002.1909653018.0000019491202000.00000002.00000001.01000000.0000000C.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: get_MissingVirtualMachineReportingEnabled
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <StartResetVirtualMachine>b__0
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VmwarePluginCloudDDC
        Source: BrokerService.exe, 0000001F.00000002.2556016980.00000254519F2000.00000002.00000001.01000000.00000049.sdmpBinary or memory string: get_VMToolsState
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwareFolderPath
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VmwarePluginCloudDDCy
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: VirtualMachinePowerStateResult
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -Hyper-V Remote Desktop Virtualization Service
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: UCitrix.InterServiceApiSpecifications.MachineCreationService.ProvisionedVirtualMachineK
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionMhttp://tempuri.org/IMachineCreationApi/PollVirtualMachineCapabilitiesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: VirtualMachineIdField
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionHhttp://tempuri.org/IMachineCreationApi/GetProvisionedVirtualMachineBySidT
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, BrokerService.exe, 0000001F.00000002.2553794425.0000025450D72000.00000002.00000001.01000000.0000003E.sdmp, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: VirtualMachinePowerAction
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.Interfaces
        Source: Broker_Service_x64.msiBinary or memory string: FmaLoggingVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: StartVirtualMachinePowerAction
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <PollVirtualMachinePowerStates>b__0
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: set_WindowsActivationTypeProvisionedVirtualMachine
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: XC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaUtils.dll
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: McsUpdateProvSchemeTaskVmwareFactory
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <CheckVirtualMachineStateChanges>b__0
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
        Source: Broker_Service_x64.msiBinary or memory string: RestSharpVMware.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: BeginVirtualMachineStateChanges
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ConvertVirtualMachineIdentifierArrayToWcf
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: Action8urn:ps/IHypervisorCallbacks/GetVmNetworkInterfaceDetailsT
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: RemoteHCLClient.Hypervisor::ValidateVirtualMachineConfigurationUpdate originalSpecification.Name=9, updatedSpecification.Name=
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: CheckResetVirtualMachineOperations
        Source: Broker_Service_x64.msiBinary or memory string: FmaUtilsVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: <GetVmNetworkInterfaceDetails>b__1
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: <GetVmNetworkInterfaceDetails>b__0
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware\VirtualCenter.dll-
        Source: svchost.exe, 00000006.00000002.2538142000.0000016D5DC02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: BeginVirtualMachinePowerStateChanges
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: mC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.DistributedTracing.dll153_0<>@{3
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: VmwareCloudOnGcpEnabled
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\RestSharp.dll
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.Authentication.Models.dll
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.dll.4.dr, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: virtualMachineUid
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ConvertVirtualMachineStateToHcl
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: MachineManagerFactoryMaximumOperationsInProgressAbsoluteDefaultkMachineManagerFactoryMaximumOperationIssueRateDefaultEMachineManagerFactoryLocalizedNameSMachineManagerFactoryLocalizedDescription[MachineManagerFactoryExampleConnectionAddressiMachineManagerFactoryValidateConnectionAddressFormat!EnumerateRegions'CreateSecurityGroup'DeleteSecurityGroup;AuthorizeSecurityGroupIngress9AuthorizeSecurityGroupEgress5RevokeSecurityGroupIngress3RevokeSecurityGroupEgress-SerializeSecurityGroup1DeserializeSecurityGroup9DiskImageToInfrastructureUid+ChangeDiskPersistence/PrepareDiskIdForDisplay!GetMachineStates?GetMaximumMachineStateQuerySize3GetFullMachineDescriptionGGetUpdateMachineCustomDataBatchSize/UpdateMachineCustomData;ValidateSetProvisioningSchemeSValidateVirtualMachineConfigurationUpdate-ValidateNewImageScheme3ValidateProvInventoryItem;SetMachineCatalogResourceTagsAGetProvOrphanedResourceUnmanaged=GetProvOrphanedResourceManagedISetMachineResourceTagsWithCustomData9GetVmNetworkInterfaceDetails)IsPageFileRedirected5GetWriteBackCacheDiskIndexCValidateProvMetadataConfiguration#configurationName%configurationValue+MergeCustomProperties+DisposeMachineManagerMGetMaximumMachineCapabilitiesQuerySize#connectionDetails-GetMachineCapabilities+machineIdToCustomData
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: CreateVmNetworkInterfaceDetails
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: Action?http://tempuri.org/IMachineCreationApi/StartResetVirtualMachineT
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OrchVMWareResetProvVMDisk
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: VmNetworkInterfaceDetailsAdapter
        Source: Broker_Service_x64.msiBinary or memory string: Microsoft.Extensions.ObjectPoolVmWare.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionShttp://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: VmwarePluginSupportsDataDisk
        Source: DiscUtils.dll4.4.drBinary or memory string: -DiscUtils.Xva.VirtualMachine+<get_Disks>d__11>
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: PollVirtualMachinePowerStates
        Source: Broker_Service_x64.msiBinary or memory string: TemplateDiskForPvsBdmVMware.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: }8Citrix.PoolManagement.VMManager.VmmImplementation.Vmware
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: IsDumSupported=IsLocalStorageCachingAvailable9InfrastructureUidToDiskImage9DiskImageToInfrastructureUid+ChangeDiskPersistence/PrepareDiskIdForDisplay?GetMaximumMachineStateQuerySize3GetFullMachineDescription/UpdateMachineCustomData;ValidateSetProvisioningSchemeSValidateVirtualMachineConfigurationUpdate-ValidateNewImageScheme)IsPageFileRedirected+MergeCustomProperties9GetVmNetworkInterfaceDetailsAGetProvOrphanedResourceUnmanaged=GetProvOrphanedResourceManaged;SetMachineCatalogResourceTagsISetMachineResourceTagsWithCustomData5GetWriteBackCacheDiskIndexMGetMaximumMachineCapabilitiesQuerySize-GetMachineCapabilitiesCValidateProvMetadataConfiguration5RunStorageEnvironmentTests5RunNetworkEnvironmentTestsCRunInfrastructureEnvironmentTests;RunConnectionEnvironmentTests+RunVmEnvironmentTests%GetLocalizedStringAReadVMMetadataFromMachineProfile3ValidateProvInventoryItemYMaximumOperationsInProgressPercentageDefault_GetMaximumOperationsInProgressPercentageDefaultUMaximumOperationsInProgressAbsoluteDefault[GetMaximumOperationsInProgressAbsoluteDefaultAMaximumOperationIssueRateDefaultGGetMaximumOperationIssueRateDefault
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <StartVirtualMachinePowerActions>b__0
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: Citrix.ManagedMachineAPI.VirtualMachinePowerAction, Citrix.ManagedMachineAPI, Version=2.5.0.0, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: StudioVMwareMachineProfile
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: IVmwareOperations
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: StartResetVirtualMachine
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwareVersion
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Volume Shadow Copy Requestor
        Source: Broker_Service_x64.msiBinary or memory string: TemplateDiskForPreparationVMVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VirtualMachineMovePriority
        Source: DiscUtils.dll4.4.drBinary or memory string: -DiscUtils.Xva.VirtualMachine+<get_Disks>d__11
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: CheckVirtualMachinePowerActions
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ActionZurn:ps/IHypervisorCommunicationsLibraryInterface/ValidateVirtualMachineConfigurationUpdateT
        Source: Broker_Service_x64.msiBinary or memory string: NewtonsoftJsonVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268H
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: PollVirtualMachineCapabilities
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionShttp://tempuri.org/IMachineCreationApi/BeginVirtualMachinePowerStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmp, Citrix.HypervisorCommunicationsLibrary.HostView.dll.4.drBinary or memory string: set_VirtualMachineId
        Source: svchost.exe, 00000006.00000002.2539358038.0000016D5DC8F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
        Source: BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: VirtualMachinePowerStateResultT
        Source: BrokerService.exe, 0000001F.00000002.2553794425.0000025450D72000.00000002.00000001.01000000.0000003E.sdmp, DiscUtils.dll4.4.drBinary or memory string: VirtualMachine
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: aC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\HypervisorsCommon.dll
        Source: BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: get_MissingVirtualMachineReporting
        Source: svchost.exe, 00000006.00000002.2538849833.0000016D5DC4C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: olume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D: @
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: McsTaskNewProvSchemeVmwareFactory
        Source: svchost.exe, 00000006.00000002.2539213847.0000016D5DC80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VirtualCenter.dllql
        Source: DiscUtils.dll4.4.drBinary or memory string: VMware Swap
        Source: Broker_Service_x64.msiBinary or memory string: FmaEnvVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: UCitrix.InterServiceApiSpecifications.MachineCreationService.ProvisionedVirtualMachine
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\bdm.vhd
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\DiscUtils.dll
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: virtualMachineIds
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <CheckVirtualMachinePowerActions>b__0
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionNhttp://tempuri.org/IMachineCreationApi/CheckVirtualMachineStateChangesResponse
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionFhttp://tempuri.org/IMachineCreationApi/StartVirtualMachinePowerActionsT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware
        Source: upgrade_site_7.21.0.0-7.22.0.0.xdu.4.drBinary or memory string: OSjCVivmCi4A1SwxtCrF70RKNYwt9M4Mw+haRQv1ZSqCZy24UIN9k81sw0+HD77S/b5fuas5w5W8
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: CheckVirtualMachinePowerStateChanges
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ]C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\PvsVmTemplate.vhd
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ZCitrix.InterServiceApiSpecifications.MachineCreationService.VirtualMachinePowerStateResultZ
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionQhttp://tempuri.org/IMachineCreationApi/CheckResetVirtualMachineOperationsResponse
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: RemoteVmwareSDKOnly
        Source: svchost.exe, 00000006.00000002.2539213847.0000016D5DC64000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000e1}
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware21
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: McsTaskNewProvVMVmwareFactory
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.dll.4.dr, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: VirtualMachineIdentifier
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: virtualMachineId
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: MissingVirtualMachineReporting
        Source: svchost.exe, 00000006.00000002.2539358038.0000016D5DC8F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "@\??\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: Actionpurn:ps/IHypervisorCommunicationsLibraryInterface/ValidateVirtualMachineConfigurationUpdateRemotePluginFaultFaultT
        Source: HypervisorsCommon.dll0.4.drBinary or memory string: HCL-VMware: EncodeUTF8AndBase64: Decoding failed because the input byte sequence cannot be mapped to Unicode.
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: <ValidateVirtualMachineConfigurationUpdate>b__1
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: <ValidateVirtualMachineConfigurationUpdate>b__0
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionLhttp://tempuri.org/IMachineCreationApi/PollVirtualMachinePowerStatesResponse
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaEnv.dll
        Source: Broker_Service_x64.msiBinary or memory string: TemplateDiskVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionDhttp://tempuri.org/IMachineCreationApi/PollVirtualMachinePowerStatesT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 8Citrix.PoolManagement.VMManager.VmmImplementation.Vmware
        Source: HypervisorsCommon.dll0.4.drBinary or memory string: IVmNetworkInterfaceDetails
        Source: Broker_Service_x64.msiBinary or memory string: w TemplateDiskForPvsBdmVMware.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: GetProvisionedVirtualMachineBySid
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMwareHypervisorFactory
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ZC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dll
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmp, BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: CheckVirtualMachineStateChanges
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ReplyActionUurn:ps/IHypervisorCommunicationsLibraryInterface/GetVmNetworkInterfaceDetailsResponse
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ReplyActionMurn:ps/IHypervisorCallbacks/ValidateVirtualMachineConfigurationUpdateResponse
        Source: upgrade_site_7.16.0.0-7.17.0.0.xdu.4.drBinary or memory string: uP2HZilPzw/PtjT+pwt3WpPeQhaOjiP7XDzAcFFOHAFhgFsMIDLHJXfmQeFJhhQWMDTSCVMhWEUb
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <CheckVirtualMachinePowerStateChanges>b__0
        Source: BrokerAdminService.dll.4.drBinary or memory string: Citrix.Broker.Admin.SDK.VMToolsState, BrokerSDKDefinition, Version=7.41.1100.0, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ActionXurn:ps/IHypervisorCallbacks/GetVmNetworkInterfaceDetailsRemoteHclCommunicationFaultFaultT
        Source: Broker_Service_x64.msiBinary or memory string: HypervisorsCommonVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268H
        Source: Broker_Service_x64.msiBinary or memory string: HCLTlsCertificateVerificationVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: IBrokerDAL.dll.4.drBinary or memory string: MachineToolStateToVMToolState
        Source: Citrix.HypervisorCommunicationsLibrary.dll.4.drBinary or memory string: VmwareFactory
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Time Synchronization Service
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: <ConvertVirtualMachineIdentifierArrayToWcf>b__28_0
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionFhttp://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerActionsT
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.dll.4.dr, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: ValidateVirtualMachineConfigurationUpdate
        Source: BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VmwareFactoryq]G
        Source: upgrade_site_5.1.0.0-5.6.0.0.xdu.4.drBinary or memory string: rtJP7ypXLZDwYd9APdcFLaHw+hXl3GbFbPkxMRlyzJQXoClmFwuQEMu7OUX+sJ871LnfUex2NbOp
        Source: BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: QueryMcsForCompletedResetActions: CheckResetVirtualMachineOperations returned {0} completed operations
        Source: BrokerService.exe, 0000001D.00000002.1914776721.00000194AB432000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: VmwarePluginMCSPowerManaged
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <BeginVirtualMachineStateChanges>b__0
        Source: upgrade_site_7.24.2000.0-7.24.0.0.xdu.4.drBinary or memory string: fcbqcue5k5xmk8DvRfOiM2CgvtxZp44KipdW1TOpZVVHgfs9U3YJEuT329ELtQnpvZB+uNUAWR/X
        Source: BrokerService.exe, 0000001D.00000002.1910073183.0000019492A61000.00000004.00000800.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2546935378.0000025204A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ReplyActionPhttp://tempuri.org/IMachineCreationApi/GetProvisionedVirtualMachineBySidResponse
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: numberOfVMs-primaryStorageLocation3secondaryStorageLocations#virtualMachineUid!storageLocations9allSecondaryStorageLocations
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Newtonsoft.Json.dllfqv
        Source: Broker_Service_x64.msiBinary or memory string: FmaUtilsVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268H
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareFactory, VirtualCenter, Version=7.41.1100.0, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: <ConvertVirtualMachineStateToHcl>b__21_0
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: Actioncurn:ps/IHypervisorCommunicationsLibraryInterface/GetVmNetworkInterfaceDetailsRemotePluginFaultFaultT
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: <BeginVirtualMachinePowerStateChanges>b__0
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisorFactory, VirtualCenter, Version=7.41.1100.0, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a
        Source: BrokerService.exe, 0000001F.00000002.2554655217.00000254515F2000.00000002.00000001.01000000.00000044.sdmpBinary or memory string: MapToMachineState: Could not parse MCS's VirtualMachinePowerState '{0}' to an HCL MachineState for machine ID '{1}'
        Source: RegisterPlugins.exe, 00000024.00000002.2064004697.000001A1F83B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.TlsCertificateVerification.dll
        Source: Broker_Service_x64.msiBinary or memory string: FmaEnvVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268H
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisorFactory, VirtualCenter, Version=7.41.1100.0, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47aCategory@{3
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionKhttp://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerStateChangesT
        Source: Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drBinary or memory string: GetVmNetworkInterfaceDetails
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: Actioneurn:ps/IHypervisorCallbacks/ValidateVirtualMachineConfigurationUpdateRemoteHclCommunicationFaultFaultT
        Source: svchost.exe, 0000000B.00000002.2538332592.0000025BF022B000.00000004.00000020.00020000.00000000.sdmp, BrokerService.exe, 0000001F.00000002.2551474492.00000254503FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: HypervisorsCommon.dll0.4.drBinary or memory string: IVmNetworkInterfaceIpAddress
        Source: BrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmpBinary or memory string: ReplyAction@urn:ps/IHypervisorCallbacks/GetVmNetworkInterfaceDetailsResponse
        Source: Broker_Service_x64.msiBinary or memory string: TemplateDiskVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: Broker_Service_x64.msiBinary or memory string: BlankDiskVMwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OperationContractAttributeAssemblyProductAttributeAssemblyCopyrightAttributeCLSCompliantAttributeAssemblyCompanyAttributeRuntimeCompatibilityAttributemetadataValuevalueAddCustomFieldDefPrivilegePolicyDefserviceRefovfRefresourcePoolRefvmRefmachineFolderReffolderRefcustomFieldsManagerRefhostRefSystem.Runtime.VersioningimageDiskPathvmwareFolderPathdatacenterPathpathVimApiUriDiscUtils.VmdkSuspendVM_TaskCloneVM_TaskRelocateVM_TaskCreateVM_TaskPowerOffVM_TaskReconfigVM_TaskPowerOnVM_TaskResetVM_TaskDeleteDatastoreFile_TaskMoveDatastoreFile_TaskRename_TaskSearchDatastore_TaskCheckRelocate_TaskCreateVirtualDisk_TaskDeleteVirtualDisk_TaskCopyVirtualDisk_TaskRemoveAllSnapshots_TaskCreateSnapshot_TaskRevertToSnapshot_TaskDestroy_TaskReadDiskUploadDiskIVirtualDiskSystem.ServiceModelVirtualCenter.Interfaces.dllSystemsuppressPowerOnTimeSpancurrentStateVersionCheckStorageLocationSystem.ReflectionIFileDiskDefinitiondiskDefinitionsnapshotDescriptioncdpdestinationFolderconnectionPeerserviceContentFileManagerserviceContentVirtualDiskManagerserviceContentSessionManagerserviceContentProvisioningCheckerRemoveSslHandlerCreateFiltersourceDatacenterdestinationDatacenterdatacenterConnectionDetailsAddInViewAdapter.ctorserviceContentPropertyCollectorCreateDescriptorpropertyFilterSpecsSystem.DiagnosticscloudConnectorIdsCitrix.PoolManagement.VMManager.VmmImplementation.Vmware.InterfacesVirtualCenter.InterfacesSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesDebuggingModescreateParentDirectoriesRetrievePropertiesCitrix.HypervisorCommunicationsLibrary.Wcf.TypespartialUpdatesMicrosoft.CodeAnalysisIConnectionDetailsconnectionDetailsDiscUtilsOvfCreateDescriptorParamsIVmwareOperationsWaitOptionswaitOptionsconnectionAddressaddressAttributeTargetsObjectSystem.NetUpdateSetCertificateValidationResultOvfCreateDescriptorResultRetrieveServiceContentObjectContentget_Thumbprintset_ThumbprintAddAllowedThumbprintsslThumbprintconnectionThumbprintmaxUploadRetryCountmaxCheckStorageRetryCountbaseSnapshotShutdownGuestRebootGuesthostdiskUploadResponseTimeoutdiskUploadReadWriteTimeoutconnectionTimeoutLogoutWaitForUpdatesExfieldPolicyfieldDefPolicykeyCitrix.HypervisorCommunicationsLibrarymemoryMakeDirectorydirectoryVirtualMachineMovePrioritypriorityIWebProxyproxyav
        Source: Broker_Service_x64.msiBinary or memory string: k Microsoft.Extensions.ObjectPoolVmWare.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: Citrix.HypervisorCommunicationsLibrary.dll.4.drBinary or memory string: SupportsGetVmNetworkInterfaceDetails
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: iC:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\VimService.XmlSerializers.dll
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A180001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %VMware\StandardSocketsHttpHandler.dll
        Source: BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpBinary or memory string: ActionFhttp://tempuri.org/IMachineCreationApi/BeginVirtualMachineStateChangesT
        Source: RegisterPlugins.exe, 00000024.00000002.2051062781.000001A1804BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware\VirtualCenter.dll
        Source: Broker_Service_x64.msiBinary or memory string: HCLDistributedTracingVmwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268HV
        Source: Broker_Service_x64.msiBinary or memory string: HCLDistributedTracingVmwareFile.C98D514E_DF5A_4FD6_9A45_A29017538268
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeProcess information queried: ProcessInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeMemory allocated: page read and write | page guard
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\wevtutil.exe "wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\SysWOW64\sc.exe" sidtype CitrixBrokerService unrestrictedJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Citrix\Broker\Service\BrokerService.exe "C:\Program Files\Citrix\Broker\Service\BrokerService.exe" -UpgradeJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -Pipeline "C:\Program Files\Citrix\Broker\Service\Pipeline\"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe "C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\"Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerService.exe VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\ComponentInterface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaUtils.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.AssemblyResolver.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaRegistry.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaLogging.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerCdeLibrary.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cdf.Net.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\LhcUtils.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaEnv.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.ServiceProcess.ServiceController.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.Configuration.ConfigurationManager.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.RuntimeInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Strings.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaRegistry.Interface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Settings.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.Interface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Diagnostics.Tracing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.Abstractions.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaDalRuntime.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaTransactionScope.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DistributedTracing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaFeature.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Interface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Interfaces.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Models.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.DiagnosticSource.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaDependencyInjection.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.DiagnosticSource.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaCommandLine.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\UrlAclSupport.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\RegistryCounters.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Licensing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\XmlMultiplexer.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\XmsInterfaces.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Wpnbr.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\VirtualSites.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\CtxAdmin.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\XmsRuntime.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\ProxyCommon.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerComponentCommon.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\EventLog.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerService.exe VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\ComponentInterface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaUtils.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.AssemblyResolver.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaRegistry.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Common\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Data.Common.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.StackTrace\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.StackTrace.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Globalization.Extensions.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Sockets\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Sockets.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.ValueTuple.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.RuntimeInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Algorithms\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Cryptography.Algorithms.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.SecureString\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.SecureString.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XPath.XDocument\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XPath.XDocument.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaLogging.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerCdeLibrary.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cdf.Net.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\LhcUtils.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaEnv.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.ServiceProcess.ServiceController.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.Configuration.ConfigurationManager.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Strings.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaRegistry.Interface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Settings.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.Interface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Diagnostics.Tracing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.Abstractions.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaDalRuntime.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaTransactionScope.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DistributedTracing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaFeature.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Interface.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Interfaces.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Models.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.Diagnostics.DiagnosticSource.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaDependencyInjection.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Settings.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\EventLog.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaWcf.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaEventLog.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaPlugin.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.DateTime.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Events.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerComponentCommon.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\TicketStore.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\HostingManagementComponent.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaSiteServices.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\RemoteHCLClient.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerSDKDefinition.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\BrokerComponent.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\WorkerChannelFactoryLoader.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\CbpControllerSdk.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceRegistration.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteManager.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\VirtualSites.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.Utilities.Sids.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.Interfaces.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\System.Security.Principal.Windows.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Models.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.Xaxd.Utils.Strings.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaEnv.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaFeature.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaLogging.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaServiceStatus.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FMAUtils.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.Logging.Abstractions.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.ObjectPool.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\PluginUtilities.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Buffers.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Memory.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.DistributedTracing.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.DistributedTracing.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.Shared.Adapters.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.TlsCertificateVerification.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HypervisorCommunicationsLibrary.AddInSideAdapter.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.ManagedMachineAPI.AddInSideAdapter.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\CustomProvisioningCommon.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Models.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\DiscUtils.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\HypervisorsCommon.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Diagnostics.DiagnosticSource.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.Logging.Abstractions.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.DistributedTracing.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.AssemblyResolver.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.EnumCache.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utils.Strings.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Microsoft.WindowsAzure.Configuration.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\RemoteHCLCLient.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Configuration.ConfigurationManager.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Diagnostics.DiagnosticSource.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Memory.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Memory.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Runtime.CompilerServices.Unsafe.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe VolumeInformation
        Source: C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll VolumeInformation
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Lowering of HIPS / PFW / Operating System Security Settings

        barindex
        Changes security center settings (notifications, updates, antivirus, firewall)
        Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} STATEJump to behavior
        Modifies Internet Explorer zone settings
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones NULL
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 DisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 PMDisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Description
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Icon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 LowIcon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 CurrentLevel
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Flags
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 DisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 PMDisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Description
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Icon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 LowIcon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 CurrentLevel
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Flags
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 DisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 PMDisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Description
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Icon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 LowIcon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 CurrentLevel
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Flags
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 DisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 PMDisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Description
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Icon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 LowIcon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 CurrentLevel
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Flags
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 DisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 PMDisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Description
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Icon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 LowIcon
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 CurrentLevel
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Flags
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 1200
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 1200
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 1400
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 1400
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 2500
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones SelfHealCount
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 DisplayName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 PMDisplayName
        Modifies Internet Explorer zonemap settings
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ProxyByPass
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap IntranetName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap UNCAsIntranet
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap AutoDetect
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults http
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults https
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ftp
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults file
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults @ivt
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults shell
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults knownfolder
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ProxyBypass
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap IntranetName
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap UNCAsIntranet
        Source: C:\Program Files\Citrix\Broker\Service\BrokerService.exeRegistry key created or modified: HKEY_USERSS-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap AutoDetect
        Source: svchost.exe, 00000009.00000002.2539757321.000001C94C702000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
        Source: svchost.exe, 00000009.00000002.2539757321.000001C94C702000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
        Source: C:\Windows\SysWOW64\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7613BA1FFF7E3EEF6E1BD42237A9A3D68FC2EE7E BlobJump to behavior
        Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
        Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire Infrastructure1
        Replication Through Removable Media        		1
        Windows Management Instrumentation        		21
        Windows Service        		21
        Windows Service        		23
        Masquerading        		OS Credential Dumping141
        Security Software Discovery        		Remote Services1
        Archive Collected Data        		1
        Non-Application Layer Protocol        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts1
        Service Execution        		1
        DLL Side-Loading        		11
        Process Injection        		1
        Modify Registry        		LSASS Memory1
        Process Discovery        		Remote Desktop Protocol2
        Browser Session Hijacking        		1
        Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
        DLL Side-Loading        		311
        Disable or Modify Tools        		Security Account Manager151
        Virtualization/Sandbox Evasion        		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook151
        Virtualization/Sandbox Evasion        		NTDS1
        Application Window Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
        Process Injection        		LSA Secrets11
        Peripheral Device Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Timestomp        		Cached Domain Credentials2
        File and Directory Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        DLL Side-Loading        		DCSync23
        System Information Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        File Deletion        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1529042 Sample: Broker_Service_x64.msi Startdate: 08/10/2024 Architecture: WINDOWS Score: 30 76 time.windows.com 2->76 78 _ldap._tcp. 2->78 80 Yara detected Generic Downloader 2->80 9 msiexec.exe 501 892 2->9         started        12 BrokerService.exe 2->12         started        15 svchost.exe 2->15         started        17 8 other processes 2->17 signatures3 process4 file5 60 C:\...\System.Management.Automation.dll, PE32 9->60 dropped 62 C:\Program Files\Citrix\...\RestSharp.dll, PE32 9->62 dropped 64 C:\Program Files\Citrix\...\BrokerService.exe, PE32+ 9->64 dropped 74 639 other files (1 malicious) 9->74 dropped 19 msiexec.exe 15 19 9->19         started        21 msiexec.exe 1 2 9->21         started        24 msiexec.exe 9->24         started        28 3 other processes 9->28 82 Modifies Internet Explorer zone settings 12->82 84 Modifies Internet Explorer zonemap settings 12->84 86 Changes security center settings (notifications, updates, antivirus, firewall) 15->86 26 MpCmdRun.exe 15->26         started        66 C:\Users\user\AppData\Local\...\MSID34D.tmp, PE32 17->66 dropped 68 C:\Users\user\AppData\Local\...\MSI99A3.tmp, PE32+ 17->68 dropped 70 C:\Users\user\AppData\Local\...\MSI9983.tmp, PE32 17->70 dropped 72 C:\Users\user\AppData\Local\...\MSI9878.tmp, PE32 17->72 dropped 88 Query firmware table information (likely to detect VMs) 17->88 signatures6 process7 file8 30 wevtutil.exe 19->30         started        32 wevtutil.exe 19->32         started        34 wevtutil.exe 19->34         started        38 5 other processes 19->38 58 C:\Program Files\...\BrokerService.exe.config, XML 21->58 dropped 36 conhost.exe 26->36         started        process9 process10 40 conhost.exe 30->40         started        42 wevtutil.exe 30->42         started        44 conhost.exe 32->44         started        46 wevtutil.exe 32->46         started        48 conhost.exe 34->48         started        50 wevtutil.exe 34->50         started        52 conhost.exe 38->52         started        54 conhost.exe 38->54         started        56 3 other processes 38->56

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files\Citrix\Broker\Service\32\ccauthcpp_dynamic.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\64\ccauthcpp_dynamic.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Avro.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Azure.Core.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Azure.Identity.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\BouncyCastle.Cryptography.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Castle.Core.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Castle.Windsor.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.Base.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.Classic.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseCommon.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseContracts.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Core.Api.Client.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Diagnostics.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Logging.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Monitoring.ApplicationInsights.Shared.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Redis.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Security.CCAuth.Managed.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.Configuration.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Trust.Api.Client.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Utilities.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Client.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Logging.dll0%ReversingLabs
        C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Utilities.dll0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        _ldap._tcp.
        		unknown
        		unknownfalse
          		unknown
          _ldap._tcp.
          		unknown
          		unknownfalse
            		unknown
            _ldap._tcp.
            		unknown
            		unknownfalse
              		unknown
              time.windows.com
              		unknown
              		unknownfalse
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerActionsTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                  		unknown
                  http://tempuri.org/IADIdentityApi/ValidateAndLockIdentitiesForPoolTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                    		unknown
                    http://tempuri.org/ITrustApi/NewBearerTokenResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                      		unknown
                      http://tempuri.org/IDelegatedAdminApiV2/CheckScopeAccessMultipleUsingBearerTokenTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                        		unknown
                        http://tempuri.org/ITrustAdminQuery/SetServiceInstanceKeyResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                          		unknown
                          http://schemas.citrix.com/CBP/IQueryAgent/QueryUsersFaultFaultTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                            		unknown
                            http://schemas.citrix.com/CBP/ISessionManager/RebootResponsewBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                              		unknown
                              http://tempuri.org/IRetrieveAdAccount/SetAdAccountInUseAndClearPasswordTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                		unknown
                                http://tempuri.org/IHostApi/GetHostingUnitsAllResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                  		unknown
                                  http://tempuri.org/IAppLibApi/FetchAppVTelemetryTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                    		unknown
                                    http://schemas.datacontract.org/2004/07/Citrix.Trust.LogicwBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                      		unknown
                                      http://standards.iso.org/iso/19770/-2/2009/schema.xsdsvchost.exe, 0000000A.00000002.2538923261.00000196A3C87000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.2539402260.00000196A4502000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://tempuri.org/IFeatureChecksApi/IsFeatureEnabledTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                          		unknown
                                          http://tempuri.org/IDelegatedAdminApiV2/CheckScopeAccessUsingBearerTokenResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                            		unknown
                                            http://schemas.citrix.com/CBP/ISessionManager/ReRegisterNowTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                              		unknown
                                              http://schemas.citrix.com/CBP/IDummyInterface/useAddressHelperTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                		unknown
                                                http://tempuri.org/ITrustApi/NewBearerTokenTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                  		unknown
                                                  http://schemas.citrix.com/CBP/IDummyInterface/useLogonRequestHelperTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                    		unknown
                                                    http://tempuri.org/IFeatureChecksApi/IsFeatureDefinedResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                      		unknown
                                                      http://www.citrix.com/fmaplatform/VirtualSiteIdBrokerService.exe, 0000001D.00000002.1915578302.00000194AB522000.00000002.00000001.01000000.00000023.sdmpfalse
                                                        		unknown
                                                        http://schemas.datacontract.org/2004/07/Citrix.Trust.LogicXBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                          		unknown
                                                          http://tempuri.org/IHostApi/SetHypervisorConnectionMetadataTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                            		unknown
                                                            https://dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000002.00000003.1367443151.0000020960E62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1368998929.0000020960E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367707880.0000020960E5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://schemas.citrix.com/CBP/IConfiguration/SetResponsesBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                		unknown
                                                                http://tempuri.org/IRetrieveAdAccount/FilterServiceAccountByIdentityProviderTypeResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                  		unknown
                                                                  http://tempuri.org/IRetrieveAdAccount/SetAdAccountInUseAndClearPasswordNoSuchAdAccountFaultFaultTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                    		unknown
                                                                    http://tempuri.org/IADIdentityApi/SetServiceAccountHealthStatusByUidResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                      		unknown
                                                                      http://tempuri.org/ITrustApi/NewTrustVdaEnrollmentTokenResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                        		unknown
                                                                        http://tempuri.org/IADIdentityApi/GetIdentityContentInIdentityPoolByNameResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                          		unknown
                                                                          http://tempuri.org/IRetrieveAdAccount/RetrieveAdAccountTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                            		unknown
                                                                            http://schemas.citrix.com/CBP/ISessionManager/StartRecordingResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                              		unknown
                                                                              https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://tempuri.org/ITrustApi/GetTrustVdaEnrollmentTokensResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                  		unknown
                                                                                  http://schemas.citrix.com/CBP/ISessionManager/RebootResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                    		unknown
                                                                                    http://schemas.citrix.com/CBP/IDynamicDataQuery/GetFaultFaultTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                      		unknown
                                                                                      http://tempuri.org/ITrustAdminQuery/RegisterServiceInstanceFaultFaultTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                        		unknown
                                                                                        http://tempuri.org/ITrustAdminQuery/UpdateServiceKeyTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                          		unknown
                                                                                          https://dynamic.tsvchost.exe, 00000002.00000003.1367942743.0000020960E54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            http://schemas.citrix.com/CBP/IDummyInterface/useSetRequestHelperResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                              		unknown
                                                                                              http://schemas.citrix.com/CBP/ILaunch/CancelLaunchResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                		unknown
                                                                                                http://tempuri.org/IFeatureChecksApi/GetDefinedFeaturesTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://tempuri.org/IMachineCreationApi/GetProvisioningSchemeByIdTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                    		unknown
                                                                                                    http://tempuri.org/IMachineCreationApi/UpdateProvVmHostVmIdResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://tempuri.org/IMachineCreationApi/BeginVirtualMachineStateChangesResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          http://schemas.citrix.com/CBP/ISessionManager/SendMessageTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://tempuri.org/ITrustApi/UnregisterServiceInstanceTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                              		unknown
                                                                                                              http://schemas.citrix.com/CBP/IQueryAgent/QueryStartMenuShortcutIconTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                		unknown
                                                                                                                http://schemas.citrix.com/CBP/IQueryAgent/QueryAllFtasResponseyBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://tempuri.org/IADIdentityApi/SetLockStateForADAccountTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/IDelegatedAdminApiV4/CheckScopeAccessUsingBearerTokenWithExcludedTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://schemas.citrix.com/CBP/ILaunch/PrepareSessionTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        http://tempuri.org/IHostApi/GetVolumeServiceBootstrappedTemplatesTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://schemas.datacontract.org/2004/07/Citrix.Host.DataModeluBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelsBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelrBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://tempuri.org/IHostApi/AddVolumeServiceBootstrappedTemplateResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelxBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    http://tempuri.org/IADIdentityApi/GetIdentityByNameResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      http://tempuri.org/IRetrieveAdAccount/InterfaceIsActiveResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        http://schemas.citrix.com/CBP/ISessionManager/ReRegisterNowFaultFaultTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000002.00000002.1369147638.0000020960E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367792280.0000020960E57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            http://tempuri.org/ITrustApi/NewTrustVdaEnrollmentTokenFaultFaultTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              http://tempuri.org/ITrustAdminQuery/GetServiceKeyNamesTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                http://schemas.citrix.com/CBP/ISessionManager/StartRecordingFaultFaultTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  http://schemas.citrix.com/CBP/IDummyInterface/useAddressHelperResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    http://schemas.citrix.com/CBP/IDummyInterface/useGetReplyHelperResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      http://tempuri.org/ITrustApi/AuthenticateHeaderResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessions2ResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://www.citrix.com/hcl/opId#SourceMachineNameWhttp://www.citrix.com/hcl/sourceMachineNameBrokerService.exe, 0000001F.00000002.2557092445.0000025451AC2000.00000002.00000001.01000000.0000004B.sdmp, Citrix.HypervisorCommunicationsLibrary.Wcf.dll.4.drfalse
                                                                                                                                                            		unknown
                                                                                                                                                            http://tempuri.org/IHostApi/GetVolumeServiceBootstrappedTemplatesResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              http://schemas.citrix.com/CBP/IDummyInterface/useSiteInformationHelperResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                http://schemas.citrix.com/CBP/IQueryAgent/QueryAllFtasTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  http://schemas.datacontract.org/2004/07/Citrix.XDInterServiceTypesfBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://tempuri.org/ISecondaryBrokerControl/StopBrokeringTBrokerService.exe, 0000001F.00000002.2558857309.0000025451C32000.00000002.00000001.01000000.0000004C.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelYBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://schemas.citrix.com/CBP/ISessionManager/RebootFaultFaultTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://schemas.citrix.com/CBP/IQueryAgent/QueryAllStartMenuShortcutsTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            http://schemas.citrix.com/CBP/ISessionManager/DisconnectTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              http://tempuri.org/IHostApi/GetHypervisorConnectionByIdResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                http://tempuri.org/IMachineCreationApi/CheckVirtualMachinePowerActionsResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  http://schemas.citrix.com/CBP/IDummyInterface/useFaultHelperTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    http://schemas.citrix.com/CBP/IDummyInterface/useReverseSeamlessAppHelperResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      http://schemas.datacontract.org/2004/07/Citrix.XDInterServiceTypesoBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        http://schemas.citrix.com/CBP/IDummyInterface/useServiceDetailsResultHelperTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          http://schemas.datacontract.org/2004/07/Citrix.Host.DataModeldBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            http://schemas.citrix.com/CBP/IDummyInterface/usePrepareRequestHelperTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelgBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelfBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  http://schemas.datacontract.org/2004/07/Citrix.Host.DataModelaBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    http://schemas.datacontract.org/2004/07/Citrix.Host.DataModel_BrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      http://schemas.citrix.com/CBP/IDummyInterface/useCancelLaunchRequestHelperTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        http://schemas.citrix.com/CBP/IDummyInterface/useIntuneMetadataResultHelperResponseBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                                          		unknown
                                                                                                                                                                                                          http://schemas.citrix.com/CBP/IDynamicDataQuery/GetResponsevBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            https://dev.ditu.live.com/REST/v1/Transit/Stops/svchost.exe, 00000002.00000003.1367143308.0000020960E75000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369431890.0000020960E77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                              https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000002.00000003.1367443151.0000020960E62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1367764046.0000020960E41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369075101.0000020960E42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1369233575.0000020960E63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		unknown
                                                                                                                                                                                                                http://tempuri.org/IDelegatedAdminApi/DummyOperationTBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                  http://schemas.citrix.com/CBP/IQueryAgent/QueryAllSessionsFaultFaultTBrokerService.exe, 0000001F.00000002.2555603364.00000254519A2000.00000002.00000001.01000000.00000048.sdmpfalse
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    http://tempuri.org/ITrustAdminQuery/GetServiceKeyNamesResponseBrokerService.exe, 0000001D.00000002.1917406756.00000194ABA12000.00000002.00000001.01000000.00000031.sdmpfalse
                                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                                      https://mindtouch.eng.citrite.net/Technologies/Citrix.Diagnostics.Tracing)JBrokerService.exe, 0000001D.00000002.1915180152.00000194AB4BC000.00000002.00000001.01000000.0000001E.sdmpfalse
                                                                                                                                                                                                                        		unknown

                                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                                        No contacted IP infos

                                                                                                                                                                                                                        General Information

                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                        Analysis ID:1529042
                                                                                                                                                                                                                        Start date and time:2024-10-08 15:28:51 +02:00
                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                        Overall analysis duration:0h 8m 50s
                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                        Number of analysed new started processes analysed:41
                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                        Sample name:Broker_Service_x64.msi
                                                                                                                                                                                                                        Detection:SUS
                                                                                                                                                                                                                        Classification:sus30.phis.troj.evad.winMSI@56/744@4/0
                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                        • Found application associated with file extension: .msi

                                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 20.101.57.9
                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, twc.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                                        • VT rate limit hit for: Broker_Service_x64.msi

                                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                                        10:58:51API Interceptor26881x Sleep call for process: BrokerService.exe modified
                                                                                                                                                                                                                        10:58:55API Interceptor1x Sleep call for process: MpCmdRun.exe modified
                                                                                                                                                                                                                        10:58:59API Interceptor37x Sleep call for process: RegisterPlugins.exe modified

                                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                                        IPs

                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                        Domains

                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\0dpsrs21.newcfg

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34193
                                                                                                                                                                                                                        Entropy (8bit):5.122278897062649
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:9Qr59hFtHhxEh6VhdXeDW9pFtHpxEp6VpdXskywsexFCco4n0hJdCaULdcAC0RaT:dmH6JyJuJzyJz2ZFqJYQlC
                                                                                                                                                                                                                        MD5:5E328FDCC9D1EAEC19657170D92A083F
                                                                                                                                                                                                                        SHA1:3CF5BE442D3658550D903F9E84269D38EAD17B4F
                                                                                                                                                                                                                        SHA-256:674A5F0FC6AD5B20D1560DE5DF66607A76120A41BD5A182865325AF37C2AC33D
                                                                                                                                                                                                                        SHA-512:F3D91EB1DA4F1DB4E27809F0400A6323916C3B04D7D4B9F8AA07EED395A4D5A04DC31826FCE970DC5E31943B30CA9305E304EEA1D1A129FDE6B80663A4115F86
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>.. <system.net>.. <connectionManagement>.. <clear />.. <add address="*" maxconnection="100" />.. </connectionManagement>.. </system.net>.. <system.serviceModel>.. <client>.. <endpoint name="WsHttpBindingILaunchEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="WorkerEndpointBehaviour" contract="Citrix.Cds.Protocol.Worker.ILaunch" />.. <endpoint name="WsHttpBindingIDynamicDataQueryEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="WorkerEndpointBehaviour" contract="Citrix.Cds.Protocol.Worker.IDynamicDataQuery" />.. <endpoint name="WsHttpBindingIConfigurationEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="Wo

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\32\ccauthcpp_dynamic.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2035864
                                                                                                                                                                                                                        Entropy (8bit):6.9949546327343075
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:Qv8zmhvkhwZ3uGuBADftPYqZfEjD/Pv8g:Qv8zmTZeGuqTeqZQ
                                                                                                                                                                                                                        MD5:E2CF969D3066353DCFD9F8ED27F9A4F5
                                                                                                                                                                                                                        SHA1:69A3FE31520D8D6427BDB4FD49EE93AB1655E656
                                                                                                                                                                                                                        SHA-256:E4AA3CA8FF7094D5B7A7417A23D0C405E6B72A9F35C73E2FD011FEFE1F499E84
                                                                                                                                                                                                                        SHA-512:F073FCF3AC581585FDD85E8CE41ACCFBAA60A5A0A6B11CECD70B14E805ED0FCD22B1931F91A67C951CD225906A17387EF5925B7B094E62517F65FF49FB729051
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......5&r\qG..qG..qG..x?..gG..d8..tG..d8..{G..d8..}G..d8..gG..d8..uG..:?..|G..qG..(F.......G..qG..nG...2...F..I...#G......nG..I...eG..I...pG..I...pG..I...pG..RichqG..........PE..L.....(e...........!...%.....T......xa...............................................N....@.............................8 ..H............................(......t...@...T...............................@...............t............................text....t.......v.................. ..`fipstx...|.......~...z.............. ..`.rdata........... ..................@..@.data....|...0......................@...fipsrd.../.......0...2..............@..@fipsda...............b..............@...fipsro..H............p..............@..@.rsrc...............................@..@.reloc..t...........................@..B................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\64\ccauthcpp_dynamic.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2694296
                                                                                                                                                                                                                        Entropy (8bit):6.7744905320066025
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:eGtlq8KIU6inVwASOHPGn7fR0vaZBEAeqLUdy6F3HzcZjI3VbTedP2IMZl:l+fGV0sx6Fab4IM
                                                                                                                                                                                                                        MD5:2C32EFD617CEB8680ACCED8F0FAD9D14
                                                                                                                                                                                                                        SHA1:7C35DD76799E4D6349EFA799457DADE783DA0954
                                                                                                                                                                                                                        SHA-256:9FF743248E1DA99CE23B106DD82DC3106AC7C2CCE3C1275F7D9A3FED43241AD4
                                                                                                                                                                                                                        SHA-512:335CBC960D8AB0E2638DB1BE2E928EC1F281F3B71EBDE84966E7C20AF22C1FB76300B76A88CFD85E667EAFEF6FAE8394148C5147AC581C8DBB03999731899647
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........3.W.]WW.]WW.]W^..WA.]WB.WR.]WB.YV_.]WB.^VS.]WB.XVO.]WB.\VQ.]W..\VZ.]WW.\W..]W..YV(.]Wo.UVF.]WW.]Ws.]W..YV..]Wo.YV..]W..YVH.]Wo.XVC.]Wo.]VV.]Wo..WV.]Wo._VV.]WRichW.]W........................PE..d.....(e.........." ...%.....J................................................).....x.*...`.........................................p.%.` ....%......P).......&..L....(..(...`)..S.../$.T...........................`.$.@............0...............................text............................... ..`fipstx..H*.......,.................. ..`.rdata.......0......................@..@.data.........&..0....%.............@....pdata...L....&..N....&.............@..@fipsda..>n....(..p...b'.............@...fipsrd...1...p(..2....'.............@..@fipsro........(.......(.............@..@.rsrc........P).......(.............@..@.reloc...S...`)..T....(.............@..B................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ADIdentityInterService.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19016
                                                                                                                                                                                                                        Entropy (8bit):6.717968991875515
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:hZiH6XtLdCi9mfXIYiArevzAM+o/8E9VF0Nycr08r:q+9mfYYiRvzAMxkEr8r
                                                                                                                                                                                                                        MD5:750A7214D371765C023F6E3D5536CAE3
                                                                                                                                                                                                                        SHA1:7652F5A5CC34A2945E213AC288A88FDA6913778E
                                                                                                                                                                                                                        SHA-256:6948FF3C2CF28093549DBF13174C360505402FC9EC6FA2E274B23A4882DA6BBD
                                                                                                                                                                                                                        SHA-512:29ECF6D278210A19FFAF8EFF23955CF6FF817F52DC42C277E468F806780323922DE3667C39092E5DD79098687A21713F8122F46B1588ACFACE4473A57C2C7C69
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8............" ..0..............6... ...@....... ..............................3.....`..................................6..O....@..H............"..H(...`.......5..8............................................ ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`....... ..............@..B.................6......H........ .......................5........................................(....*:.(......}....*..(....*..{....*"..}....*..(....*BSJB............v4.0.30319......l...l...#~..........#Strings............#US.........#GUID...........#Blob...........W..........3........'...........................E...................................U.....#......._.........)...............................................t.................Y...........@.Y.........7.....@...........u.................6.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ActiveDirectory.SiteManagement.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36424
                                                                                                                                                                                                                        Entropy (8bit):6.157688358855799
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:9pwM3lNhrqb0ORW0Vwlr23V9euD7YiRvOAMxkEHt:AM3l7qJqG2s77N8xDt
                                                                                                                                                                                                                        MD5:292F0775F1E8D968522CF497DE58B643
                                                                                                                                                                                                                        SHA1:587BE5FED68BDC833A4258E27899E5D9424216FB
                                                                                                                                                                                                                        SHA-256:93075BE31FF12138BE5A6B880AE6BFC511B2C9672CFC70E558CEC425C5033F5B
                                                                                                                                                                                                                        SHA-512:F6E7062D84FC82A3ACA516C37216F6F509E13EBEC5C23CB199A3F15B97FAF42602BAB3248ABEF02148F5AEBF5672139675E2C74C9FC3C2A44A0B8602DC9FC5F4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..\...........z... ........... ..............................{H....`.................................fz..O....................f..H(..........`y..8............................................ ............... ..H............text....Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................z......H.......p6..pB...................x........................................(....*:.(......}....*:..~.....(....*:..~.....(....*^...(......}......}....*....0..%........(....u......,..o....s....*.........*..{....*....0..x..........(.......(....,.(....r...p.(.........(......{....(....,.(....r1..p.{..........(....*(....rq..p.{..........{.....( ...*..(!....~....(.....~....(.....~....(....*r.(!.....(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..B.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):110664
                                                                                                                                                                                                                        Entropy (8bit):6.060564592552528
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:iQYKlNgq5uGuGunOM2MTrhfkHkRHzJxNb7NbAxn:inPqSfkHkRTPNbhU
                                                                                                                                                                                                                        MD5:E25BE0F11182E79A14523A4E33F2C3E2
                                                                                                                                                                                                                        SHA1:7CE42665D0F3D8194BDE11D5C91F5184E9A15141
                                                                                                                                                                                                                        SHA-256:2F3163F74F1A70131B471C97E1B01EA7B60B5D1C1BA26F9E4BF06CB4A5047149
                                                                                                                                                                                                                        SHA-512:77FE9FA2A7BE40860190708832E8065917430B197421BD62A813D75FCD1F40DDD8A025EFA1E03AA3417EC4158F2BDC94309B2026C85BD93FB67378A36E90FD1A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m............" ..0..~..........&.... ........... ....................................`....................................O.......................H(.............8............................................ ............... ..H............text...,|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H........e...4..................\.........................................(....*:.(......}....*v.,..(...+,.r...p.(...+*r...p*....0..:.......(......(....-..(.....o....o....(m...+.r...p....,..o .....*..........(................%... ....%..%-.&r#..p.%..%-.&r#..p.%....(!...*..........%..%-.&r#..p.%... ....%..%-.&r#..p.%....(!...*..........%..%-.&r#..p.%... ....%...(!...*..........%..%-.&r#..p.%... ....%..%-.&r#..p.%....(!...*....0..T.........e......%..%-.&r#..p.%... ....%..%-.&r#

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (311), with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):100539
                                                                                                                                                                                                                        Entropy (8bit):5.1749438199739775
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:C7/5BM71sKRfzDC2AM316+zVN3YXMqyF9JB0yPRq1TqjUAIqP:CjyHJeyPiTqIAB
                                                                                                                                                                                                                        MD5:0A9E028B53D3ABF1D3301A0FFEB29D8C
                                                                                                                                                                                                                        SHA1:BF257C5AF9F09623BD2F2139719619966F4FCF74
                                                                                                                                                                                                                        SHA-256:8A115E2411A94292099BDC9AFD69E07AE4D4462DF379FB57C0D7316C83E9EECB
                                                                                                                                                                                                                        SHA-512:43A0ED689469D81DCE5EC377E00103D23B642F088740148D921C6FED562BDF4336AE8DFF36A095D09231F4AF2183321C51782580A0D6B21B70B74E7F0F2103A9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events">.. <instrumentation xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events">.. <events xmlns="http://schemas.microsoft.com/win/2004/08/events">..<provider name="Citrix-Broker" guid="{d062513e-0d1f-4033-8ca0-b2ac667b3db8}" symbol="CitrixBroker" messageFileName="C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.dll" resourceFileName="C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.dll">.. <tasks>.. <task name="InternalVdaDeregisterError" message="$(string.task_InternalVdaDeregisterError)" value="59523"/>.. <task name="InternalVdaDeregisterRequested" message="$(string.task_InternalVdaDeregisterRequested)" value="59524"/>.. <task name="InternalVdaDeregister" message="$(string.task_InternalVdaDeregister)" value="59525"/>.. <task name="InternalSecondaryExitOutageMode" message="$(string

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Avro.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):202240
                                                                                                                                                                                                                        Entropy (8bit):5.8936792047616615
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:lzDavZimqA/LyTH1VA3AAFJ3A3AOnncjGGLf33u2J2tPdt1:gvZinSWnA3AAFJ3A3ATjGGLf33xJA
                                                                                                                                                                                                                        MD5:1B8996E904BF3C7F532D1B1F7B40CC54
                                                                                                                                                                                                                        SHA1:9AC6B2FC35ED6C0EE11033EF89B7C4CC11EE2557
                                                                                                                                                                                                                        SHA-256:9E51847AE95DD652DAA1CB30AC000DA4C3BABA9874DD4CA464E5F49DD082817B
                                                                                                                                                                                                                        SHA-512:20AC94D5A9FAD33ED779BF8825C07FA753D23AD895827D60919FABD81620CE6898240CFFDB0B8AE347E32B5C9B2E9AF8974501AF61095FBA5D9EECBB05DCC841
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............(... ...@....... ..............................m.....`.................................N(..O....@.......................`......d'..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H........Y..D....................&........................................(3...*..(3...*6..(4...(....*6..(5...(....*.0..J........(]......x....%...i(6......(7...%....... ....3..(8...(9......}......}....*:..s:....(....*:..s;....(....*:..s<....(....*:..s=....(....*>..}......}....*..{....*..{....*...0...........(.......(>...*..0..Y........(.......r...p.(.....X.y...(?...(@...(A.....(.....1#..oB....(....Y(@...oC...oD...oE...*.*&...(\...*2...(\......*2...([......*>...([.........*2..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Azure.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):387616
                                                                                                                                                                                                                        Entropy (8bit):6.184437284890503
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Z+2fFyIhCDc9OvL4UJYyfsQWCaE6R2gEXO:DfFDCRslCaE6R2gEXO
                                                                                                                                                                                                                        MD5:363F670ECD76D86B9067DA74A8E28B54
                                                                                                                                                                                                                        SHA1:65E536282B34F2FFDED33C2B150CC78F94CD8C1B
                                                                                                                                                                                                                        SHA-256:1CE2EFB952F9C2386F800D84D7D959FCDF77FDFC0BB798C2EECBA08C1267F7AC
                                                                                                                                                                                                                        SHA-512:ACCFDDBF1A6FB53269C17455F84C210C3ECE2221138D9C7CDFB74C83305F3CF20ACBF511F887B8F30C8A44027272374D4A5D9B27B699DF3F354F1C47D80C60CC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?H..........." ..0.............~.... ........... ....................... ......4=....`.................................)...O....................... (..........\...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................].......H.......|;..`.............................................................(K...*^.(K..........%...}....*:.(K.....}....*:.(K.....}....*..(K...*:.(K.....}....*..(K...*..(K...*..(K...*..(K...*:.(K.....}....*..{....*:.(K.....}....*..{....*:.(K.....}....*..{....*..(K...*:.(K.....}....*..{....*:.(K.....}....*..{....*..{....*"..}....*:.(K.....}....*..{....*..{....*"..}....*V.(K.....}......}....*..{....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.(K.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Azure.Identity.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):334880
                                                                                                                                                                                                                        Entropy (8bit):6.121052732500459
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:6v61xEU1HgOXoLWQJlkBfYhKcvJUfMFzmUHM+YGesVGYj2u3wmvErfIH++fQU/Hh:pdp9mvgL0H3XsK
                                                                                                                                                                                                                        MD5:462482B966B07F3B3917F6FE6BC22F2E
                                                                                                                                                                                                                        SHA1:7DBBE0840E8E6D7EBD541C167B2967770773245F
                                                                                                                                                                                                                        SHA-256:FC2A610675B1803176706E7EFFF8C6242DA082E4DF4EFE3B3BF37D65E476535D
                                                                                                                                                                                                                        SHA-512:C6FBEFEF1A349B4DFDB7C02EB45DECF59F89AEF50149BC2EE92E8DC3790E8E8B3B98E0A8C73F7B62EB715181D8946AA18B86DD79210D046F0B4278F120C9E018
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....#..........." ..0.............n.... ... ....... .......................`............`.....................................O.... .................. (...@......<...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................M.......H...........K............................................................(*...*..(*...*..(*...*^.(*..........%...}....*:.(*.....}....*:.(*.....}....*:.(*.....}....*:.(*.....}....*..{....*..{....*"..}....*:.(*.....}....*..{....*..{....*"..}....*V.(*.....}......}....*..{....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.(*.....}....*V.(*.....}......}....*r.(*.....}......}......}....*V.(*.....}......}....*r.(*.....}......}......}....*..{....*..{.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BaseDAL.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21576
                                                                                                                                                                                                                        Entropy (8bit):6.573261831553722
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:U7CUwJV6sEptdE8vChunivlxBNIYiArev4DAM+o/8E9VF0NymTWA:U7CUBsam8muivlxBaYiRv0AMxkEWWA
                                                                                                                                                                                                                        MD5:178B14726AB3465834FBCBC7BFB7B1EA
                                                                                                                                                                                                                        SHA1:FAF5C88115A3AE7342E34CB030A320127C3EC621
                                                                                                                                                                                                                        SHA-256:56B9DB56399A3D6D1A10F32598F62B40083199933DF40540D06D9F5241A9B933
                                                                                                                                                                                                                        SHA-512:97FB5FAA666774A9914C4C450435CEAC3A104065E97D321C1D8FF6844ADBE1B48115A33AD9472E546332A61DA6D4E17F064590829E8FBDDD771E98B4AEA06F27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..".........."@... ...`....... ....................................`..................................?..O....`..D............,..H(...........>..8............................................ ............... ..H............text...( ... ...".................. ..`.rsrc...D....`.......$..............@..@.reloc...............*..............@..B.................@......H........#......................x>........................................(....*:.(......}....*..{....*2.(....o....*2.(....o....*..{....*j.(......}......o....}....*.0...........~....3..........*......*....0...........~....3..........*......s....*...0..B........-.r...ps....z(....,.(.....+..o......( ...,.(!...-.(".......(....*...0..........(....%{#....{$..........(....*...0...........( ...,.r...p.s%...z(&.....( ...,.r[..p.s%...z..('......((...-.().......(*.....(+....(,........(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BouncyCastle.Cryptography.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6871320
                                                                                                                                                                                                                        Entropy (8bit):7.37218540726604
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:sNyLBeQFKkVJjno+adQ6Z5EgveHluvNoT4S9tomfTYFNUWH:nrV2rdQ8rvsluv67amrYn/H
                                                                                                                                                                                                                        MD5:55CCC3CF82D5D5C63D4B0AF4B5557B32
                                                                                                                                                                                                                        SHA1:5286275253A518A047D9C613AEF80B2BBA1F094D
                                                                                                                                                                                                                        SHA-256:3F0182309F8FFB9CE0FA5F303219D3155BF1DA232E14A620ED234AEC209A2935
                                                                                                                                                                                                                        SHA-512:3060752D0CA095DCC9C797F08AA3095D34451C2FEBC91D9F4158DEEC1863584B1F047A987E59AF78E2A6CBA983652CC9362BA74BBFB4DE0F65BA68546374E89D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,J..........." ..0...h...........f.. ....h...... ....................... i.....*.h...`...................................f.O.....h...............h..)....i......f.T............................................ ............... ..H............text.....h.. ....h................. ..`.rsrc.........h.......h.............@..@.reloc........i.......h.............@..B.................f.....H.......(.................1.X.5.T.f.....................................V!...-_B...s1........*N.(2.....(.A..}....*..(2......(.....s.>..s.A..s.A..}....*..0..=........(2....(%......o3...s....z...(.....oD...s.>..s.A..s.A..}....*...................f.(2......(....s.A..}....*..(2.......s/?..s.@....(....s.A..s.A..}....*...0...........{....o.A....,..o.A..o.>..*.*....0.."........{....o.A....,..o.A..o.@..o3?..*.*...0...........{....o.A....,..o.A..o]>..*.*....0...........{....o.A....,..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerAdminQuery.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):57416
                                                                                                                                                                                                                        Entropy (8bit):5.940728124646761
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:/VuOI3/Ji835fLp+Mpuf4t6dFNY/kDVwr4YiRvfDAMxkEr:E95xugINokiM7Nfjxv
                                                                                                                                                                                                                        MD5:637988C4F904623FE87D0FF6E68C82E5
                                                                                                                                                                                                                        SHA1:577B8D9DEEB1277D839EDF9E95659A0BADA750AA
                                                                                                                                                                                                                        SHA-256:CF10539BDC297DE91581BEF81F08B89EA0E9471A02A4FBBFEF868C136DAE92E8
                                                                                                                                                                                                                        SHA-512:D29121F58F46C8994F3B8FFC4DF88FCC7837041572044365D37CE203F51F2FB86888CA4EA76102E2B329BDCF523AAA38509985A919733A841049AFEA5AB9C319
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ............`.....................................O.......$...............H(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B........................H........M..l}..................,.........................................(....*:.(......}....*..0..z.......r...p....(&....r...p.(...+...............(......,u"...%-.&.+.....u...............&....(0.....r_..p.(...+......,..o.......*...........Q..1.......^m.......0..{.......r...p....(&....r...p.(...+................(......,u"...%-.&.+.....u...............&....(0.....r!..p.(...+......,..o.......*..........R..2......._n.......0..I.......rw..p....(&....r...p.(...+.,..(...+-...r...p

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerAdminService.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):603208
                                                                                                                                                                                                                        Entropy (8bit):5.624215670296902
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:3Wg6HE0ilQ40cAv3MbMa2TNAxeenrdz2pbdIe+YT9FX7kBe:mg6H73MUT+pdz2pbdIexEe
                                                                                                                                                                                                                        MD5:AB9FF6760AC81969B670866DB010C447
                                                                                                                                                                                                                        SHA1:FC61ABAC7E8590A4D4931A76C49C2157A13CD085
                                                                                                                                                                                                                        SHA-256:5DA75C5158A87BCEF47482F3B9E4623E297090554EBFDAA587C49C39DA5626D8
                                                                                                                                                                                                                        SHA-512:AC0DA1E49F7C115CF7C43E7B49AC007CEE34425A2EDE3019590F67C29AD15DE8F868324B6493D248965DEBA204F60568733A2750E2A99AE99F92547D02F0A2C1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}..........." ..0..............!... ...@....... ....................................`.................................. ..O....@..0...............H(...`..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B................. ......H...........p...................<.........................................{!...*..{"...*V.(#.....}!.....}"...*...0..A........u........4.,/($....{!....{!...o%...,.(&....{"....{"...o'...*.*.*. ..xg )UU.Z($....{!...o(...X )UU.Z(&....{"...o)...X*...0..b........r...p......%..{!......%q.........-.&.+.......o*....%..{"......%q.........-.&.+.......o*....(+...*..{,...*..{-...*V.(#.....},.....}-...*.0..A........u........4.,/($....{,....{,...o%...,.(&....{-....{-...o'...*.*.*. .... )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerCde.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.724144475136261
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:pNkUPFBCId31XM0IYiArev2AM+o/8E9VF0NyvOUmB:pyU5d31XMFYiRv2AMxkEVmB
                                                                                                                                                                                                                        MD5:F376E9555A17BE3356437C1CFB494838
                                                                                                                                                                                                                        SHA1:D38E270A35C0739DBBF256F9D7F8FEF6D865D16F
                                                                                                                                                                                                                        SHA-256:BD909EB1DA0DB479B4E52A71EA72E2CD1D4CC06029E67B7244C63CE3CEFF9AE4
                                                                                                                                                                                                                        SHA-512:958CF15EEE2195153F17ACC69BAA07509A83D9B23C50BA2F381F688F1733FD01BA4B0F8A7FED2107A551F04E90F0EBD51BC16180D2CD54BDAC9366AE7E6002A5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a`7..........." ..0..............2... ...@....... ...................................`.................................12..O....@..<...............H(...`......X1..8............................................ ............... ..H............text........ ...................... ..`.rsrc...<....@......................@..@.reloc.......`......................@..B................e2......H.......h ..p....................0........................................(....*:.(......}....*.BSJB............v4.0.30319......l...8...#~......h...#Strings............#US.........#GUID... ...P...#Blob...........W..........3........................(...................................".........................................B.....[.................v.....o.................T...........;.................C.................$.z...................~.$.Q.............Q.........T.a.]...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerCdeLibrary.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24136
                                                                                                                                                                                                                        Entropy (8bit):6.387533533600951
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:8PWFqUgPlNEcSqfKddtxsiVwTxIYiArevH65AM+o/8E9VF0NyxjnxQ:8PWXgPnEDqfKddtxVwTmYiRva5AMxkEe
                                                                                                                                                                                                                        MD5:510A35939640477C15225455A8B1BA51
                                                                                                                                                                                                                        SHA1:78AFEB40A58ECF64DEC4FDD3262CAFD015C3D52E
                                                                                                                                                                                                                        SHA-256:E37350665F4348A79F8713DF81E02B7FEF2B84C3683E33C56B7B25785AD03846
                                                                                                                                                                                                                        SHA-512:241F39813B0F6A1DF73F98B1736E9544259F7593FE8209E5FD75B946203CDE856238EF74A7DF5AB83ABE1BA615746898C1A4BD84A37B32EA3B9A8637FA3E5442
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f..........." ..0..,..........>J... ...`....... ....................................`..................................I..O....`..$............6..H(...........I..8............................................ ............... ..H............text...D*... ...,.................. ..`.rsrc...$....`......................@..@.reloc...............4..............@..B.................J......H.......0+..T....................H........................................(....*:.(......}....*:(.......o....*...0..........(.....(.......(.....(......o....:....r...p.s.....s..............r...p..%...%.r...p.%.r...p.%.r...p...%...%.r...p.%.r...p.%.r...p...%...%...%...%...(.....~....%-.&.......s....%......( .....&..*.................0..........(.....(.......(.....(......o....:....r...p.s.....s..............r...p..%...%.r...p.%.r...p.%.r...p.%.r...p...%...%.r...p.%.r...p.%.r...p

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerComponent.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):459848
                                                                                                                                                                                                                        Entropy (8bit):6.692650229435561
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:XvnOYcshhOac+IvfunPxofiO/TS1ppq1h8TZBwy65jvfrrrrKBn:XvOY7ru2P+fiCTSU1uTXTn
                                                                                                                                                                                                                        MD5:88DEDE7F10765210EE87C81ABB36D1F0
                                                                                                                                                                                                                        SHA1:187FE9132CA5A1C227D15C5EAA084A45D06037C0
                                                                                                                                                                                                                        SHA-256:DC52D0478C7F8DB96170DDB95C88FC47B14B4BBF8ADF50109B89265F3F1ECBC6
                                                                                                                                                                                                                        SHA-512:F939C61041EDD15C9239A31A3066575C5E17DF92F8AE0380F40010298E97FD52C6CC329402176BF14148BDA92DC38EAEBF86BAE5BDA2D3592695202D8C27B364
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0<..........." ..0.................. ........... .......................@............`.....................................O.......................H(... ..........8............................................ ............... ..H............text...H.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......8....J...........F..X...T.........................................('...*:.('.....}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..((...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..()...*"..(*...*&...(+...*&...(,...*&...(-...*6.(.....o....*2.(....o....*2.(....o....*2.{....o/...*~.((.....}......r...p(0...}....*.rC..p*..{....rk..p(1....s2...}.....{....r...p(1...*....0..H........2.{....o3...Y...14.(......[o4.....(......[o5.....,....( ....,....( ...*.0..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerComponentCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):37960
                                                                                                                                                                                                                        Entropy (8bit):6.287269487206875
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:FmqAlf9x4/b4ghTFywE0LLTt64SE3sxtj8SYiRvxfAMxkE4f:FlAlf9q/EV0LLTt64SnnZ7Nlxm
                                                                                                                                                                                                                        MD5:3DEEACB9181DBF6F1F584A5233C35672
                                                                                                                                                                                                                        SHA1:CD68C7C46396E029A7A4FDB720DEB588723552B4
                                                                                                                                                                                                                        SHA-256:DA6564F46E502FF3D0F83579BFDA25660541D4881823BAACAD1E5324CB40EB08
                                                                                                                                                                                                                        SHA-512:D2A20B1BE8FD4E0F1E21E87CE21884F56C6DD3DD14A1EE3EE8649136E233643F758B523075C160D70F7364BCDD7ED92D6894673BB929ED6A3A9F96D5CFCAE378
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............." ..0..b............... ........... ....................................`.................................H...O.......<............l..H(..........T...8............................................ ............... ..H............text....a... ...b.................. ..`.rsrc...<............d..............@..@.reloc...............j..............@..B................|.......H......../...P............................................................(....*:.(......}....*.~....(....*..(....*..(....*^~.....(....(.....(....*Vr...pr!..ps.........*"..(....*.(s...*..(t...*....0..{........-.rk..ps....z~.....~ ..........(u...-.ry..ps....z.~....(!...,.r...ps....z..("......K........(#......~....($...,...(w.....*.........Jd.......0...........-.r...ps....z~.....~.....~ .....(%.....~....(!...,.r...ps....z.......(v...-.rO..ps....z.~....(!...,.r...ps....z..("....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerDAL.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2037832
                                                                                                                                                                                                                        Entropy (8bit):6.404022665446072
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:UQH7xOh12Scv8VXPMcuq/wPWr20Iu3aV6cpa76c1aHHpovqvBEHEhTOjl1PO7qlb:HQxnSW
                                                                                                                                                                                                                        MD5:83EDBF81B79D59FAADF5537ED55BA1B7
                                                                                                                                                                                                                        SHA1:D080C12E140EA5646B489E1A28E8354E74539FA6
                                                                                                                                                                                                                        SHA-256:7C40F9ADD397BCB9ECB32C942353256939380B89C70ED41B5C890C8FB41356A4
                                                                                                                                                                                                                        SHA-512:AC0534D5CA1B009DC370DE83FC045ED4FDF3F767DC369AF84A83EEB9B7A399ED7F473288AE1ABF8E6F19F4FF150F3B560D76CF21E79118D57F22E15D69500EDD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............r.... ... ....... .......................`........ ...`................................. ...O.... ..$...............H(...@......@...8............................................ ............... ..H............text...x.... ...................... ..`.rsrc...$.... ......................@..@.reloc.......@......................@..B................T.......H........C..............`...`.............................................{....*..{ ...*..{!...*..{"...*..{#...*..($.....}......} .....}!......}"......}#...*....0...........u........|.,w(%....{.....{....o&...,_('....{ ....{ ...o(...,G()....{!....{!...o*...,/(+....{"....{"...o,...,.(-....{#....{#...o....*.*.*....0..y....... f... )UU.Z(%....{....o/...X )UU.Z('....{ ...o0...X )UU.Z()....{!...o1...X )UU.Z(+....{"...o2...X )UU.Z(-....{#...o3...X*....0...........r...p......%..{....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerEnvTests.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):29256
                                                                                                                                                                                                                        Entropy (8bit):6.55759458041605
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:KVKKRvPu51F/Si0e9O21YiRvnaAMxkEmGa:AXvmUs7NnYxaGa
                                                                                                                                                                                                                        MD5:8E4DA37073B3C01F1FA82CF1CF20150B
                                                                                                                                                                                                                        SHA1:A9DD3C64EBFF903ADB81DD50FDA37BAB3F59B474
                                                                                                                                                                                                                        SHA-256:F61D734F4800210CCF69424FA4445F8982BA0B65F37CE221CE1D960C0F9897C4
                                                                                                                                                                                                                        SHA-512:BB54C38F10B459DCD261A8ED204F87C0DB235097215E0CA02576D88DD7244564CA307AE7A68C5DFB10ABF592494F386F3B399995B1402631A3FAA12FA60B3719
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D3A..........." ..0..@...........^... ...`....... ....................................`.................................:^..O....`...............J..H(..........P]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............H..............@..B................n^......H........*...2...................\........................................(....*:.(......}....*.(....*.~....*.......*....0..n.......s#.....(....o....(....s.......o.....r...po.....r...po.....(....o.....s......r/..po.......A...%.rK..p.%.ra..p.o.....ru..po ....o!....}.....(....o"...}......{....o#...}......{....o$...}.......(...%..{.....(...%..{.....(...}.....{....o%...~....%-.&~..........s&...%.....(...+s(.........$...s)...(...+s(...}....s+...%~....%-.&~..........s,...%.....o-..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (399), with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):205068
                                                                                                                                                                                                                        Entropy (8bit):3.4331182977845045
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:vJE7fVtZYdQFBk2As/T06+ls34rcEtoDx:BE7fVtZYSFBk2As/o6+ls34rcEtoDx
                                                                                                                                                                                                                        MD5:AEE347753DAA566281562D7D7D7664F7
                                                                                                                                                                                                                        SHA1:EF83C0ACB046CEA8F5CFE6BB0FB0957D3CC6607C
                                                                                                                                                                                                                        SHA-256:CF3EAC1D96A474408FBA93C0AA018010819B4C2122EB98472FC03B57C1DD95F0
                                                                                                                                                                                                                        SHA-512:9B8246CC096838B2C0B41E3743ABBE80E5CD3A8F1A65FAD8FB91E094F9CD5B2C0012A1C375BFAE13A52BE364FBB79738F29663F6DD27F394F4336ACC9BE1C839
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.!.-.-.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=..... . . . . . . . ._._._._._._. ._._. . ._._. . . . . . . . . . . . . ._._._._._. ._._._._._. . ._. . ._._..... . . . . . . .|. . ._._._._.|. . .\./. . .|. . . ./.\. . . . . . ./. ._._._._.|. . ._._. .\.|. .|./. ./. . .F.l.e.x.C.a.s.t..... . . . . . . .|. .|._._. . .|. .\. . ./. .|. . ./. . .\. . . . .|. .(._._._. .|. .|. . .|. .|. .'. ./. . . .M.a.n.a.g.e.m.e.n.t..... . . . . . . .|. . ._._.|. .|. .|.\./.|. .|. ./. ./.\. .\. . . . .\._._._. .\.|. .|. . .|. .|. . .<. . . . .A.r.c.h.i.t.e.c.t.u.r.e..... . . . . . . .|. .|. . . . .|. .|. . .|. .|./. ._._._._. .\. . . ._._._._.). .|. .|._._.|. .|. ... .\. . . .S.D.K..... . . . . . . .|._.|. . . . .|._.|. . .|._./._./. . . . .\._.\. .|._._._._._./.|._._._._._./.|._.|.\._.\.........T.h.i.s. .f.i.l.e. .w.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerFiltering.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31816
                                                                                                                                                                                                                        Entropy (8bit):6.410515530276886
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:FnG0zG7GCrKHCTGTWM2F5m5YiRvZ5oAMxkEf:cN7Fr0Cvw7NZ52xz
                                                                                                                                                                                                                        MD5:605BC2D6BA3EFD94B72F3E9BD2187855
                                                                                                                                                                                                                        SHA1:9CB6D5C9E2B557C94AB3605DBAF19D4E6E2399F0
                                                                                                                                                                                                                        SHA-256:A9853F76FF43C34451A9163EC49C333207DE7F28BA9104163D4A8E2EC2F063B0
                                                                                                                                                                                                                        SHA-512:8AE25A404342D42CFD75724E8E45C663C9311EED2F6C075152194FF0AB7DC4B3884B5F3EF354336DF8BDFBDDB547EECDCFA213D3E79BC7C12F0E5F8C109C21DC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}............" ..0..J..........Jh... ........... ....................................`..................................g..O....................T..H(...........g..8............................................ ............... ..H............text...PH... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B................,h......H.......,5..`1...................f........................................(....*:.(......}....*..{....*"..}....*:.(......(....*...o....%-.(....r...p.(....s....zo....s..........s....*...0..K.......s....%.rS..po.....'...o.....ra..po......(.....o.....%.,..o ...+.~!...o"...*..(#...($...rm..p.(...+..}......}......,....(&.....('...*.0..J.......~.....o(...%o)...-.r...pr...ps*...zo+...r5..po,...o-.....{....o.....o/...*:..o0....(....*..(1....(2...rE..pr_..po3....(2...rg..pr}..po3...*.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerSDKDefinition.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):625736
                                                                                                                                                                                                                        Entropy (8bit):5.963379065295181
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:QWhEX2IlCXjVEHmvMDOp7cgSbpwxWHYa+iaYtGSki4:0X2IlCX6nDOf0j+iaYtGSD4
                                                                                                                                                                                                                        MD5:E9ED18C6BA7277D2EE3A109284A3ECF0
                                                                                                                                                                                                                        SHA1:71B8756741576A6630A43EBE6758E783CE179E17
                                                                                                                                                                                                                        SHA-256:6D393D9DB7725A2D1706ED82920539564DEBED3889C64333E9F4EEFDF57CC5AA
                                                                                                                                                                                                                        SHA-512:4E1AD872ABD9279B9B7764FD053027496E1B648D2F7328DB036166B898DF26209FCCC3EDAEDCD291001C2C0CE0F01BF3B065C945A63E4F4FAC27D1411DF3A807
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!............." ..0..Z..........6y... ........... ...............................z....`..................................x..O....................d..H(...........w..8............................................ ............... ..H............text...<Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B.................y......H...........x...................hw........................................(D...*:.(D.....}....*..(D...*..(D...*"..s....*..,*.oE....2!.oE....@0..r...p(F...oG.........*.*..{[...*"..}[...*..{\...*"..}\...*..{]...*"..}]...*..{^...*"..}^...*..{_...*"..}_...*..{`...*"..}`...*..{a...*"..}a...*..{b...*"..}b...*..{c...*"..}c...*..{d...*"..}d...*..{e...*"..}e...*..{f...*"..}f...*..{g...*"..}g...*..{h...*"..}h...*..{i...*"..}i...*..{j...*"..}j...*..{k...*"..}k...*..{l...*"..}l...*..{m..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerSDKLogic.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):454728
                                                                                                                                                                                                                        Entropy (8bit):5.6965508553249
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:jVh9k0DYBCNwwuzdb/lIwDg2WdI5P9babfinx1z:lPYVwuzdb/lIKWdI5P9babfinxd
                                                                                                                                                                                                                        MD5:720E964C6F1C43DFEE8B72815A8B64DC
                                                                                                                                                                                                                        SHA1:C1D6CBE80FF24FEAA43CBA9FD233F4295ED49BFA
                                                                                                                                                                                                                        SHA-256:647285148807B19B7BE35FF8E07A33706D81CE4ED8506006B1B5F4A28A35769D
                                                                                                                                                                                                                        SHA-512:51D9F8B2D5F8B9C95156D4B3EDB7D55DAF3D9E5C8C9C8AD8B0FBB35C2894DAA3A966DFFF3A06E6F254A75671B1F12F01D6D589424DD7653C0F4BE1A55E77D95F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C............" ..0.............".... ........... ....................... .......:....`.....................................O.......................H(..............8............................................ ............... ..H............text...P.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........<......................d.........................................{#...*..{$...*V.(%.....}#.....}$...*...0..A........u........4.,/(&....{#....{#...o'...,.((....{$....{$...o)...*.*.*. ..Z. )UU.Z(&....{#...o*...X )UU.Z((....{$...o+...X*...0..b........r...p......%..{#......%q.........-.&.+.......o,....%..{$......%q.........-.&.+.......o,....(-...*..(....*:.(......}....*....0..U........rG..p.o/...-..rG..p(0.......(@....o1...Q.P.-.._(2......(3.........Q.rK..p.(........*...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerService.exe

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):117832
                                                                                                                                                                                                                        Entropy (8bit):6.060429855188099
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:hH2j0ePuxDNnl10OYEbANnVQ9VGNOMWOCNWB+av4GhVXezzbMKL/lDHqAO7UKf8J:hWjrWhlaOYEbAly3bMWO7UKsthX
                                                                                                                                                                                                                        MD5:CB044A172BFC56F40916FDDFB0381694
                                                                                                                                                                                                                        SHA1:D4EEFEAD2304C2D535CB644B18E80A4962503ABB
                                                                                                                                                                                                                        SHA-256:179CBB308BA241101423267EDA0ED6A24E7D4CB76D51CAFDBC046ED65CCD2872
                                                                                                                                                                                                                        SHA-512:DB616F4FCEB86515ECAF1582CA1E9AF30FE4E803060C637F63B66CC0D888FF1A8B4DE363DF79CF2025A3DB4F03B87132B16F6CF294AB35B60A8841DA702BE478
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............."...0.................. .....@..... ..............................d.....`...@......@............... ..................................$...............H(..........L...8............................................................ ..H............text...H.... ...................... ..`.rsrc...$...........................@..@........................................H..........\'..........4................................................{....*..{ ...*..{!...*..{"...*..{#...*..($.....}......} .....}!......}"......}#...*....0...........u........|.,w(%....{.....{....o&...,_('....{ ....{ ...o(...,G()....{!....{!...o*...,/(+....{"....{"...o,...,.(-....{#....{#...o....*.*.*....0..y....... %.wt )UU.Z(%....{....o/...X )UU.Z('....{ ...o0...X )UU.Z()....{!...o1...X )UU.Z(+....{"...o2...X )UU.Z(-....{#...o3...X*....0...........r...p......%..{.......%q...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerService.exe.config

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (330), with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33995
                                                                                                                                                                                                                        Entropy (8bit):5.131381958927706
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:9Qr59hFtHhxEh6VhdXeDW9pFtHpxEp6VpdXskywsexFCcv4T0hldzaULNcYC0Bar:yrHmJyJuJzyJz2ZFqJYQlC
                                                                                                                                                                                                                        MD5:531C140D658C5EB3CF671F45D86EB7B9
                                                                                                                                                                                                                        SHA1:06E7D8E2FC8E15C98CA2D7E218037E175C915FEF
                                                                                                                                                                                                                        SHA-256:9BAA7ECABAF50C23D711FDF57655A850CA58FFF0CF468C1DE3EA998A0555A153
                                                                                                                                                                                                                        SHA-512:67DDA57AE0D63E7FF28F827CE54D1BE85617C0023C341B985972B1400ED519C274C6909D11D172609283902BB671F84C80DBE69BB6AC08D41363A680EF08B8FB
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>.. <system.net>.. <connectionManagement>.. <clear />.. <add address="*" maxconnection="100" />.. </connectionManagement>.. </system.net>.. <system.serviceModel>.. <client>.. <endpoint name="WsHttpBindingILaunchEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="WorkerEndpointBehaviour" contract="Citrix.Cds.Protocol.Worker.ILaunch" />.. <endpoint name="WsHttpBindingIDynamicDataQueryEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="WorkerEndpointBehaviour" contract="Citrix.Cds.Protocol.Worker.IDynamicDataQuery" />.. <endpoint name="WsHttpBindingIConfigurationEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="Wo

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerService.exe.config.orig

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (330), with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33995
                                                                                                                                                                                                                        Entropy (8bit):5.131381958927706
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:9Qr59hFtHhxEh6VhdXeDW9pFtHpxEp6VpdXskywsexFCcv4T0hldzaULNcYC0Bar:yrHmJyJuJzyJz2ZFqJYQlC
                                                                                                                                                                                                                        MD5:531C140D658C5EB3CF671F45D86EB7B9
                                                                                                                                                                                                                        SHA1:06E7D8E2FC8E15C98CA2D7E218037E175C915FEF
                                                                                                                                                                                                                        SHA-256:9BAA7ECABAF50C23D711FDF57655A850CA58FFF0CF468C1DE3EA998A0555A153
                                                                                                                                                                                                                        SHA-512:67DDA57AE0D63E7FF28F827CE54D1BE85617C0023C341B985972B1400ED519C274C6909D11D172609283902BB671F84C80DBE69BB6AC08D41363A680EF08B8FB
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>.. <system.net>.. <connectionManagement>.. <clear />.. <add address="*" maxconnection="100" />.. </connectionManagement>.. </system.net>.. <system.serviceModel>.. <client>.. <endpoint name="WsHttpBindingILaunchEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="WorkerEndpointBehaviour" contract="Citrix.Cds.Protocol.Worker.ILaunch" />.. <endpoint name="WsHttpBindingIDynamicDataQueryEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="WorkerEndpointBehaviour" contract="Citrix.Cds.Protocol.Worker.IDynamicDataQuery" />.. <endpoint name="WsHttpBindingIConfigurationEndpoint" binding="wsHttpBinding" bindingConfiguration="WorkerWsHttpBinding" behaviorConfiguration="Wo

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerService.exe.minimal

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):233
                                                                                                                                                                                                                        Entropy (8bit):4.838960479271368
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:TMVBdTMkIcOggefqaAhA5KNZk2ygAyONw5W4QIT:TMHd41cO/eyaELNZoE0wo4xT
                                                                                                                                                                                                                        MD5:48B2421A3125047B4795E00CF766FDB9
                                                                                                                                                                                                                        SHA1:31EAA52B416B381345EC855F326C88398677686C
                                                                                                                                                                                                                        SHA-256:DBE08A9B52679401DD66B0D4B69D2A708DEDEDBEF672D6C039A3E99376F12E3D
                                                                                                                                                                                                                        SHA-512:3FB94AF638854B93773C980809ABE53E5BB9C069FA0EC2DFCED8F97DE17B19FB0FB4CC0FC2739A820D116DC58B5E1C6812873900A5853F3FB70AF3928E60D89A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <appSettings>.. <add key="MinimalConfigFile" value="1" />.. </appSettings>.. <runtime>.. <generatePublisherEvidence enabled="false"/>.. </runtime>..</configuration>

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerServiceEventLogResources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):999496
                                                                                                                                                                                                                        Entropy (8bit):4.155227798009497
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:86Iz6xc6xR6x8Z6xZo6xId1OsRyqKOrJDWxa6xn3:uo6xId1OsRyqNrJDWxR
                                                                                                                                                                                                                        MD5:C2122C5CBB5F4C4792C34AD57E8F2DE9
                                                                                                                                                                                                                        SHA1:1B3947280255C7D55018AF27C48F32CE73EED656
                                                                                                                                                                                                                        SHA-256:81D71F7437F085FCD341ECA51F5A2B2D30CF155F91B92F252EA240AFA4FB6763
                                                                                                                                                                                                                        SHA-512:BDE7968F17D4D3849C0B309D58B59EF918B0EDA7C7FE35CA36AAB7F5678F210B4E88510CF08A06461DD3DEF71D188BF8A6D3D6C4E2361D91483B55247EEB8D29
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^}..?...?...?......?...?...?.......?..Rich.?..........PE..L...RY.f...........!...'.....................................................@............@.......................................... ..................H(..............p............................................................................rdata..............................@..@.rsrc........ ......................@..@....RY.f........................RY.f............8...8.......RY.f........l...L...L.......RY.f............................................RSDS....}..O....&.0Z....C:\tc\work\9fabd0850cbc8cb6\buck-out\gen\Brokering\Broker\Components\Shared\BrokerEventLogDll\win32-release__\bin\BrokerServiceEventLogResources.pdb........................GCTL....p....rdata..p........rdata$voltmd.......0....rdata$zzzdbg.... .......rsrc$01.....".......rsrc$02....................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\BrokerServiceSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.6774750510447864
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ziaoPskCy1bF+hxdMc2IYiArevdYAM+o/8E9VF0NyIvb:zImy1bkxdMcrYiRvdYAMxkE6b
                                                                                                                                                                                                                        MD5:B8E2E8BC8A5647EBD4B7615CC5823209
                                                                                                                                                                                                                        SHA1:898934203742DBF13D335FC1CED403A8472020C4
                                                                                                                                                                                                                        SHA-256:07E278B3DBD3430FE0980D80DE0BF83029772C61FF3A69B7DA45CA2DB31FCF17
                                                                                                                                                                                                                        SHA-512:D72EC107253B3C392366BA2302165290322BED80E60981D89BE55D3A7C9885029749E10B9F3304E368B5B7B451A06CFBD5091FE887E3449C470CF485299B7666
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5............" ..0.............j4... ...@....... ....................................`..................................4..O....@..<............ ..H(...`......$3..8............................................ ............... ..H............text...p.... ...................... ..`.rsrc...<....@......................@..@.reloc.......`......................@..B................J4......H........ ...............0.......2........................................(....*:.(......}....*~r...p.....(....o....s.........*..(....*.~....*.~....*.......*.(....*.(....*..(....*V(....r...p(....o....*V(....r...p(....o....*.BSJB............v4.0.30319......l...,...#~..........#Strings....$.......#US.@.......#GUID...P...\...#Blob...........W..........3........ .........................................................z...........Q.....Q...Z.....)...........H.....................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Castle.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):423936
                                                                                                                                                                                                                        Entropy (8bit):5.853585893632762
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:3TSGsXDKo3e0KCv7MSgxxZ+MqDkEqRBgKK7rIAUF:W5gCjMBZpvEqRBgK9F
                                                                                                                                                                                                                        MD5:70FFADA1F49EE3519BA126F6BF16324D
                                                                                                                                                                                                                        SHA1:C5F010C2FB0CAAF902DE3AD80F9640A611E4F4A4
                                                                                                                                                                                                                        SHA-256:EF21B0869D1FE1BA3F0A3E910F9858A37B3DC544CB78A92657B4CF0108959FAB
                                                                                                                                                                                                                        SHA-512:13017E4741CCC6792EEEBC9BE9F8BC726BEEE0775FBC4A4C26DDBAEE4BE36FE0F6B0DDAC7D257AAC98620C5E9938E917A9AB5845FE0C5B2F3495056E6BB03EC6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..n............... ........... ..............................ZE....`.................................K...O...................................t...T............................................ ............... ..H............text...Hm... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H........(...`..............X............................................{....*..{....*V.(......}......}....*...0..A........uD.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. .... )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%qG....G...-.&.+...G...o.....%..{.......%qH....H...-.&.+...H...o.....(....*..{....*..{....*V.(......}......}....*.0..A........uI.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. O... )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Castle.Windsor.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):354304
                                                                                                                                                                                                                        Entropy (8bit):5.98138321728785
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:RieCtgRrOWJo76j8EwLH03Pn4ODKKbKKA4ejvDNVtwpewwjFRqPKt3A9S:5CtgRrpsbEwLUDKKbKKA4ejLNVtwpewU
                                                                                                                                                                                                                        MD5:E5C1D7A32FE40A97E58CE7086F40DFFB
                                                                                                                                                                                                                        SHA1:4512FA2D15BC7521B923B1E1413BD909B983AA98
                                                                                                                                                                                                                        SHA-256:74C07FADED7C6CD50CEE62234F79310A0575B6463C08F38854A84476EF3D1581
                                                                                                                                                                                                                        SHA-512:3EE625CD60D17D094D9AE1E06E890C6C379E9D88A11BEFA6C23D5E5576AD19D3D3C9B1AD4564A8C2AA2AC6C435EC227B7CDBFB86456205A31726C1E0657F708C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..^...........|... ........... ....................................`..................................|..O.......T............................{..T............................................ ............... ..H............text....\... ...^.................. ..`.rsrc...T............`..............@..@.reloc...............f..............@..B.................|......H.......4.......................@{........................................{=...*..{>...*V.(?.....}=.....}>...*...0..A........u1.......4.,/(@....{=....{=...oA...,.(B....{>....{>...oC...*.*.*. ...W )UU.Z(@....{=...oD...X )UU.Z(B....{>...oE...X*...0..b........r...p......%..{=......%q.........-.&.+.......oF....%..{>......%q4....4...-.&.+...4...oF....(G...*b.o.....s.....((...o#...*f.o......s.....((...o)...*..o.....5...(H...s.....((...o#....5...*b.o.....s.....((...o...+*b.o.....s..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CbpConstants.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20552
                                                                                                                                                                                                                        Entropy (8bit):6.726449920581253
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:2blanb9KZ6O3c52cPnd0pKIYiArevr9AM+o/8E9VF0NyZ59S:2bEKT3c52cPd0p3YiRvr9AMxkE3K
                                                                                                                                                                                                                        MD5:7CF3C74A4225AFB660398988A75DF2B7
                                                                                                                                                                                                                        SHA1:DE246A693FFDE7DFB88FB959554C083BA5F72D8B
                                                                                                                                                                                                                        SHA-256:D5686481D2BA9239481D7128B16FC27B666F31EE85C626D8683E8AE3929A6769
                                                                                                                                                                                                                        SHA-512:AC077976260F527C2F617309F2EEF01F3EE8C3652682503A9C7320B742F451F27F0404C716993B3C0A3C74335B8586CA65DEC95DD6763C692B036BF33690CBFA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<............" ..0..............=... ...@....... ....................................`.................................O=..O....@...............(..H(...`......p<..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................=......H.......h .......................;........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~......t...#Strings....l.......#US.p.......#GUID...........#Blob...........W..........3..........................................................1.....1.........b.......................:.....S.......Q.........n."...g.............1...L...........3.......1....."....."....."...).".....".....&.................Q...........1.Q.........U...].......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CbpControllerSdk.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):251464
                                                                                                                                                                                                                        Entropy (8bit):5.964460030562087
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:la5aL8nSSwwowAXktUDgrvOBOvziW7DffQ417GMC0xM+Tl08J9VF8fYmtItzT/dz:U5aL8n4grvOBGzZ773xMLf2z7d6S6wn
                                                                                                                                                                                                                        MD5:6CD6F424D19DC7EFFC698321EB219444
                                                                                                                                                                                                                        SHA1:2EDF46BB80C13F100E8FCE9473AF5A52A364F0AC
                                                                                                                                                                                                                        SHA-256:3E560D52062AF71704C7AD7C563E9F228130FD476243BB878B11C4357C2BB540
                                                                                                                                                                                                                        SHA-512:5AE07DD1FEC34CC83F50E2F582D58A0EA3236787AA95FEA46AEDA3A4E4E4062E2C9EB3356EC4A0C5F7E1B188FA7ECDACD6CF8286DE5C10B55C0C3E29BC615CBA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ......!.....`.................................{...O.......$...............H(..............8............................................ ............... ..H............text....... ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B........................H........p..HQ............................................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..( ...*....0..H.............%......(!....%......(!....%......(!....%......(!....%......(!....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CbpTypes.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):122952
                                                                                                                                                                                                                        Entropy (8bit):6.206134976484788
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:giy1gKI15MXoj2LVENmRBpYXj0kRVez5TzeyCLPT3SPSSo6mU149EI5Xi0m7N4xn:BMKNymj0kRVezpz4I2EIPmhU
                                                                                                                                                                                                                        MD5:FBB3FF7EDED5BE1C196BC01067C99840
                                                                                                                                                                                                                        SHA1:1E69378E8D79429427A270050C672E37F8B9A7BE
                                                                                                                                                                                                                        SHA-256:5A5BAB7118F59F7E2C279C47E00972D8F5C6A07FF4EC22A39C5CADBF8F962BD7
                                                                                                                                                                                                                        SHA-512:E52588E920E246C965D9F0D7047DC88D76CCF59DCC28C0A66A5432B592EEB771E9714F69B2DBBD2A69C0FC64DEDB8AF95978C0B500B37712025CD120033D4FB9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ......I.....`.................................W...O.......................H(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........S...y............................................................(....*:.(......}....*..{....*"..}....*..(....*V.(......}......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{ ...*"..} ...*..{!...*"..}!...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CdeEvents.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.715400931978112
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:0Ktu6+OJwjHlXIsIYiArevbUAM+o/8E9VF0NyTqp:0KlmjlXI9YiRvbUAMxkEgp
                                                                                                                                                                                                                        MD5:267E5F5BC4CC974ACD4C47111CE525B6
                                                                                                                                                                                                                        SHA1:1CF4032216D8FE7285D1FD1C773CD8B208A9DB88
                                                                                                                                                                                                                        SHA-256:357970123D542F65A84A7640C5782FDF9EDA6F7170656B8B634A093195831C6E
                                                                                                                                                                                                                        SHA-512:5248FA4BB75E45CD94B7B727FAF287C7D16BB2E02EBA5208927BBE44384D9B95A87E6FFE1F6F1DE18590EC5D5C830271B738F395ADFFB9FE58CD7FE3724E3417
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J..........." ..0..............4... ...@....... ....................................`.................................F4..O....@............... ..H(...`......h3..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................z4......H........!..<....................2........................................(....*:.(......}....*:.(......}....*..{....*:.(......}....*..{....*....0..p........(.....(....,.r...ps....z.(....,.r'..ps....z...}......(......(......(......(......(......s....(......(......&..*......-.?l........(....*..{....*"..}....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.BSJB............v4.0.30319......l.......#~.. .......#Strings

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CdeLibrary.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19016
                                                                                                                                                                                                                        Entropy (8bit):6.688422082864228
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Df0MRSbZVQroo64+IYiArevpgAM+o/8E9VF0Nyb82kcW:wHQrl64TYiRvpgAMxkE0
                                                                                                                                                                                                                        MD5:878A2915DD9EF59897658FD416BF877C
                                                                                                                                                                                                                        SHA1:F8270BC8DD7EA3BD5015836BF18867E18CCFE636
                                                                                                                                                                                                                        SHA-256:099C59EF8C3228108A409F1D5A761B006B711B7E66E2E0A9B6F08418B2B5B9CE
                                                                                                                                                                                                                        SHA-512:72EBE869F9D39779DED11370766325CAD3DEE12E6E97C3147C79D0A7AB8880CD48E22D59F192D3CE32927EEB5ABE2906EC49391C93EEC07FC644EB6F200297AC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!d............" ..0.............~6... ...@....... ....................................`.................................,6..O....@..............."..H(...`......L5..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................`6......H.......,#.......................4........................................(....*:.(......}....*..(....*..0...........j...(............*..0..........~....,..j...(....&.*.j*..0..........s.....s........+=.....,......(....+.r...p...(....r...p............o....&...X.......i2.~.......(....,.(....r]..p........o....(.....~.......(....,.(....rs..p........o....(......(....r...p......%...%...%...%...(....-.~....+.........o.....%....%...o....&........o....o....&...*....................0..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.ADIdentity.DataModel.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):72264
                                                                                                                                                                                                                        Entropy (8bit):6.333555434533804
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ENNbcRn339x3cb+Qt71PD5Qw8Nr7NM4xz:ELct33Dd4755QrNrhMi
                                                                                                                                                                                                                        MD5:268FAAC2082B90174AE3005FC88002C1
                                                                                                                                                                                                                        SHA1:2E6CF9FCA1DFB13CAD4624E23DB39D88E6CB1492
                                                                                                                                                                                                                        SHA-256:3147B5CDB13AB3CA3C765283348AA7FB833B8DA2A9C500DEC2E6BAF69DE7A9BB
                                                                                                                                                                                                                        SHA-512:B23C144237B2DB320970B7D110761726ECFDB3862D95DF027C0671C2EA420D8AC40189877D993CD5703D71A3005D991E8A2B55168CC1F1C6662EE55AC288E725
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'..........." ..0.............N.... ... ....... .......................`.......A....`.....................................O.... ..`...............H(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...`.... ......................@..@.reloc.......@......................@..B........................H.......4?..P.............................................................(....*:.(......}....*..(.....s....(.....s....(.....~....(...........(....o ...(....*..{+...*"..}+...*..{,...*"..},...*..{-...*"..}-...*..{....*"..}....*...0..E.......s....%.o!...r...pr9..po"...o....%.o#...o....%.o$...o....%.o%...o....*....0..........s!......}......(....rq..p.(....(&...s'...}.....(....,c.(....(...+,..{....ru..po)...&.(....o*...~....%-.&~...... ...s+...%.....(...+(...+..."...s....o/....(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Base.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81904
                                                                                                                                                                                                                        Entropy (8bit):6.0898175984903125
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:zJMjKAjymnXjj1ugvdb2eI3/GEKJWKoF1VRvlNk8GS4gadCDjI0yR9Xlk43uFH:zJMjDtnX9uglb2eI3/GEKkSBp3IH
                                                                                                                                                                                                                        MD5:AD1EC04A2CA60AA08728D6A7161BB236
                                                                                                                                                                                                                        SHA1:D501DA43C7755E085F7813EB1788715417FE1823
                                                                                                                                                                                                                        SHA-256:6C174E5B188A8D3A6B0CF8DC41B335779D65916B24A9E6D21E7363AF79FE7E5B
                                                                                                                                                                                                                        SHA-512:6DBB66138DAE0A111C96D67FE369118FF4C4D7683B0120821B5DD3B1E5A0606F81C2FF3ED807CC47809BBBF3E3B2F04A052CA5CA00F6E202F0B0A001C2B8E870
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............;... ...@....... ..............................X.....`..................................;..O....@...............$.......`.......:..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................;......H.......,e..............87.......:........................................{&...*..{'...*V.((.....}&.....}'...*...0..A........u........4.,/()....{&....{&...o*...,.(+....{'....{'...o,...*.*.*. ./. )UU.Z()....{&...o-...X )UU.Z(+....{'...o....X*...0..b........r...p......%..{&......%q.........-.&.+.......o/....%..{'......%q.........-.&.+.......o/....(0...*..{1...*..{2...*V.((.....}1.....}2...*.0..A........u........4.,/()....{1....{1...o*...,.(+....{2....{2...o,...*.*.*. t!.. )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Broker.CasCommandQueuePayload.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.7933269159986756
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:q3GDgVCBRc8JUsIYiArevfVAM+o/8E9VF0Ny3g:ZuCBRc8JU9YiRvfVAMxkEq
                                                                                                                                                                                                                        MD5:4E2E6072BE11FDA6D4680434608F16B4
                                                                                                                                                                                                                        SHA1:8D9354A944659BE4252BAF0525A1580196B67099
                                                                                                                                                                                                                        SHA-256:D3565BF645D27EF0EA8A77EF244DFDA41A9BFE770F284F72F7FB1CE5D5EA7C77
                                                                                                                                                                                                                        SHA-512:094D15F8471574E8667C6DF4FCF07657047EEA06E3922949D6EEA56D7832C967550B1F34FEF9C14197836508D3B48668AB0D03BA6B530E0AC931A027CBD3276C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1)............" ..0.............n5... ...@....... ...............................b....`..................................5..O....@............... ..H(...`.......4..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................N5......H........!.......................3........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..0.............j(...+...(....% ....j1.r...pr...ps....zis......-..+....s........%-.&.(.......,..o .....o!....o"...j3..o#.....!.o$.......,..o ............o .....*.(....@..O........1.Iz..........z........0..D........,,.s%......s&.....(...+..'.,..o .....,..o .....(...+().....(...+*.*.....................%......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.Classic.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):101360
                                                                                                                                                                                                                        Entropy (8bit):6.011304454658822
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:giX6SAEgDLkA5Fq7wa4GDaaiPK39CNa6WN5L4lLPNCh4O+SkNakJMgIN8QmFa:pqjkAqxFya33LSy4O+SkNakGrAa
                                                                                                                                                                                                                        MD5:DC10565CDA842E6C8D86884D416FAD6E
                                                                                                                                                                                                                        SHA1:0FBEE5402F1590412E6BFA78E4AC3720ED318356
                                                                                                                                                                                                                        SHA-256:55978E6208BD9A8FC6CAC8C32C4BD339F8A98FCB12A201D40F50804DE9A690C7
                                                                                                                                                                                                                        SHA-512:5A190E5E935AB4470E7A10755FBBFBA8FE6EEF9417DA6447785A888FA0ADD47209B1515CEAE9013ED9443354B378409245095BA285E81FBCE919D542DB746AE9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G............" ..0..f.............. ........... ..............................<.....`.....................................O....................p..................8............................................ ............... ..H............text....e... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B........................H.......hw......................$.........................................{(...*..{)...*..{*...*..{+...*..(,.....}(.....}).....}*......}+...*....0..k........u......,_(-....{(....{(...o....,G(/....{)....{)...o0...,/(1....{*....{*...o2...,.(3....{+....{+...o4...*.*..0..b....... ... )UU.Z(-....{(...o5...X )UU.Z(/....{)...o6...X )UU.Z(1....{*...o7...X )UU.Z(3....{+...o8...X*...0...........r...p......%..{(......%q.........-.&.+.......o9....%..{)......%q.........-.&.+.......o9....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34800
                                                                                                                                                                                                                        Entropy (8bit):6.2300581764441985
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:xmeSl4Tnb0+tTAq1rc3uUSgLR+1yfl3NxPVeZyJJTDGFF2MIhr:0eSiTb0sTVWfL5f5YY+F8
                                                                                                                                                                                                                        MD5:AAC094EF91C7B3006F993B3889D49D8D
                                                                                                                                                                                                                        SHA1:7548867756C3E106FC8F582DB2F3C9A3A1AB60A5
                                                                                                                                                                                                                        SHA-256:804EE8450FA07BDB1E0FCE60AA9DB3AA87E8E1DCE51AADD94E57AAFC55DEEE41
                                                                                                                                                                                                                        SHA-512:4F64AE19711BAF0F0875D1705B16E3B6486DB7A0AA8F8A44E5C291C27934C5175F62DF8CD384324F33B208520CEB2510AE50E7D9629DA7582ABF8A028D204CB1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....x..........." ..0..b..........v.... ........... ...............................>....`.................................!...O....................l..............D...8............................................ ............... ..H............text...|a... ...b.................. ..`.rsrc................d..............@..@.reloc...............j..............@..B................U.......H........+...T...........................................................0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(....*..0..G.........(....}.......}.......}.......} ......}!.....|......(...+..|....(#...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..($...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..($...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..($...*..{....*"..}....*..{....*"..}.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):44016
                                                                                                                                                                                                                        Entropy (8bit):6.162346821100673
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:YvHbxGgRkv/wydVQY/Htp0nt6t1uRqBocbSZXJ18DGwPY2MIhF:Yvs0OwgZvz0ntwcZkYFa
                                                                                                                                                                                                                        MD5:049B7FA4108A928236F8DBBCF5B6FF81
                                                                                                                                                                                                                        SHA1:DF4A6193B879E6C2FFD9640FA797B779DE9E8CE5
                                                                                                                                                                                                                        SHA-256:B5C4B952A44CE122E9C1B4DAE3F2870D9AB78032515B693C5DC6CBAEF43975A7
                                                                                                                                                                                                                        SHA-512:04E2BFAFC316A28836BCD5CCFEA61C18392EAC6D8687215C184C14A4DAEA62AC13EF0BE362453AA1CCB6FD9DDE7AAEAC985CD24F8619017D65662D1D45B7D7DE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ...................................`....................................O......................................8............................................ ............... ..H............text...L.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........?..tb..................\.........................................{!...*..{"...*..{#...*r.($.....}!.....}".....}#...*....0..S........u......,G(%....{!....{!...o&...,/('....{"....{"...o(...,.()....{#....{#...o*...*.*..0..K....... {..3 )UU.Z(%....{!...o+...X )UU.Z('....{"...o,...X )UU.Z()....{#...o-...X*..0...........r...p......%..{!......%q.........-.&.+.......o.....%..{"......%q.........-.&.+.......o.....%..{#......%q.........-.&.+.......o.....(/...*...0..........s...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.AgentFoundation.OnPremiseContracts.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23024
                                                                                                                                                                                                                        Entropy (8bit):6.186858518190163
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Rm80oh7ojvR+YjYfzPnf2kDSi0XDqwPG68IHpW8P/aG1/pbTnwyzHOZGJZyDGRF4:RmdYD/MJGG/1zHOZGJZyDGHUQt2MIhL3
                                                                                                                                                                                                                        MD5:D5DA1DB6D379AF70B62CCEA2EA14D4BF
                                                                                                                                                                                                                        SHA1:167EAB612DC96BB48BB27FC6B8D0F6AD9B0825F4
                                                                                                                                                                                                                        SHA-256:13A584ABED791267334FE1FEDFA714EE1B91EED8E663F4077528D2CE84A26A58
                                                                                                                                                                                                                        SHA-512:52FD0DFD5CE77BF6549F63BFAB2CFD27F29D12B031B5D0F2028E1FB4B9178B52568776217526F4A381C3112791B90CED0B2D783655B044453C1E9EB02290A3EA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.Q..........." ..0..4...........S... ...`....... ...............................*....`.................................-S..O....`...............>..............@R..8............................................ ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B................aS......H.......($...-...................Q........................................{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..(:...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*:.(......(....*..{....*"..}....*..(:...*..{....*"..}....*..(....*..{....*"..}....*..(:...*..(:...*..{....*"..}....*..(:...*..{....*"..}....*..(....*..(:...*..(....*..{....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Core.Api.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):330656
                                                                                                                                                                                                                        Entropy (8bit):6.203893784960086
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:7D1bJM41KzOV54MwaOYe1u1FpQmkXzNSeeB:7pt/0zM5Vb/hkDNG
                                                                                                                                                                                                                        MD5:F8EADFC2205D86699068B4247A8644C1
                                                                                                                                                                                                                        SHA1:D9E6F37ABA26F5377BE9819D1AE923DCC6274666
                                                                                                                                                                                                                        SHA-256:CDD953F5FBFA0080DBE3C99F662090AA8CED101CC1FA7EC69C9FEBCE1690A8EB
                                                                                                                                                                                                                        SHA-512:41C7AFB32C61E9F959D0A425C36BC837ED898A22986B2E99D42C3D2FB6B4204928D99F9339103966227B9599576E6D7B56FC4C5DC6220387A3668A63A144A92F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x............" ..0.............n.... ... ....... .......................`.......&....`.....................................O.... .......................@..........T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................M.......H............(............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(+...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(+...*..{,...*"..},...*..(+...**....(-...*2......(....*2......(/...**....(0

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Diagnostics.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34512
                                                                                                                                                                                                                        Entropy (8bit):6.0888116264116166
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:t4squChLWDIpA58qCMwrN2yM5ndkGnoSWwwNbZbJM/DG7Kgjsy08:tDwrYVdkGnoV1jV
                                                                                                                                                                                                                        MD5:611BCB20F8A4EF20526CDDF2F3F1CFE7
                                                                                                                                                                                                                        SHA1:718B9EB8AF79E05522F5E25BB5DAD5A3D23564BF
                                                                                                                                                                                                                        SHA-256:BF3FDE2424C3907BCF92C380B362D1E149C9A8E23CF1920F7DCCFCE4AD579FD6
                                                                                                                                                                                                                        SHA-512:BB764ED5394D4CD8963DF232DE6F482E15C756574B1F333545EC0CB3474BDAEB22D0B855168EB43FFE3C869EBEED977EB005B9D043F25FB73F25BFAC24A75C59
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..`............... ........... ...............................!....`..................................~..O.......|............j...............}..8............................................ ............... ..H............text...._... ...`.................. ..`.rsrc...|............b..............@..@.reloc...............h..............@..B.................~......H.......4;..DB..................x}........................................{....*"..}....*..{....*"..}....*..(....*..{....*..{....*..{....*..{....*..{....*"..}....*..(....*..0..O........{ ...~!...%-.&~".....#...s$...%.!...~%...%-.&~".....&...s'...%.%...(...+s)...*..{*...*"..}*...*..{+...*..{,...*.0.................................(-...*....0..w........s....}.....(......}......}......}.......}.......}+......},.............(/....s0...}1....s2...} ....(3......(4...(5...*..u....-.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Logging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22512
                                                                                                                                                                                                                        Entropy (8bit):6.132968561317903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:J1gED3O16T4Ft3mM5qIbM0jtzvNzRjz6U5nqU10Z/JTgDGRv79NcMIhc:c6+16T46S5nqU10Z/JTgDG952MIhc
                                                                                                                                                                                                                        MD5:527830525D4EF0957FEAEB9985892799
                                                                                                                                                                                                                        SHA1:94E2D14AFD7B946B0A5FE24E90547B7D2866B147
                                                                                                                                                                                                                        SHA-256:7D05F6B8C0E4B2F3E4D354D582E722954353AB679C7799831052F70AB12C81AB
                                                                                                                                                                                                                        SHA-512:AA8ADB2D5800F1602ED34900898F78432373DD42A0B6F0C7A7F13E3ECEE1C1A56260983A8221DE127D387F11AE13DD469BFC95FF0C93521349D4C0566669718C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..2...........P... ...`....... ....................................`.................................vP..O....`..d............<..............tO..T............................................ ............... ..H............text....0... ...2.................. ..`.rsrc...d....`.......4..............@..@.reloc...............:..............@..B.................P......H........&..$(...................N......................................z........o....r...p.(....(....*z........o....r...p.(....(....*br...p........(....(....*F....( .....(....*..(!...*.*.*.*.*..(!...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.s=...%.}1...*.0.._........~"...}.....~"...}.....~"...}.....~"...}.....~"...}.....~"...}.....~"...}.....~"...}.....(<...*..{%...*"..}%...*..{&

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Monitoring.ApplicationInsights.Shared.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23248
                                                                                                                                                                                                                        Entropy (8bit):6.0644940020904015
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:SwmWOtJCLYIeaIlAaniencecxdkcduAes1ZVJ4PDG+dgQMK6jk0b:SR5toLDSziencecxGcduAes1ZVJ4PDGN
                                                                                                                                                                                                                        MD5:790D473C10A421411D263E4A6D3B0800
                                                                                                                                                                                                                        SHA1:0B2A907F8823AEF4CF5FD5FC143E703388BBD8D0
                                                                                                                                                                                                                        SHA-256:DD7F3C34CB040F5FDF113F15CA986179B428AD6BA8BB7B64E62C8A1DCC54F1D4
                                                                                                                                                                                                                        SHA-512:DB753F862935AE2F5E4024F2DC0F8BBD08EF0490626001BE9CF415DF476A6645F9AA39C748557CFEF179C66C741FE580A590C61D0077E21D8750E3817EEB5A2A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0..4...........R... ...`....... ..............................?.....`..................................Q..O....`...............>...............P..T............................................ ............... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................Q......H.......p'...(...................P.......................................~.....~....%-.&~......+...s....%.....o.....o....*...0..........~.......o....-..*.o....*.s.........*V.(......}......}....*..o....o.....{....o.....o....o.....{....o ...*:.(......}....*r.o....o!...r...p.{....o"...*.0............('...u......{....,f.,c.{............s#...(...+(...+~....%-.&~..........s&...%.....~....%-.&~....../...s&...%.....(...+.+..{....,..{.....+..,....*..(....*:.(......}....*...0..i.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Redis.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66032
                                                                                                                                                                                                                        Entropy (8bit):6.138740517517838
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:E46CiTAyGNC/wjiNBSUTfubUTT/b0ySs7C1Rj61o7HFx:n6DMvSeSTfeY/b0a7C1Vlx
                                                                                                                                                                                                                        MD5:863137A9921C473187C310305602FAD5
                                                                                                                                                                                                                        SHA1:252FA0FE48B1F00C2030DDA561CB1F0A4F0E5A70
                                                                                                                                                                                                                        SHA-256:0E4983F05C6369B598CB550DE6D3716AC3B40E643601D15433C80A72631EFB62
                                                                                                                                                                                                                        SHA-512:5A0F4691E15952ACB2B11CD5FD30FF87BF2856FAE05180E177041C7EC66202D27E012B8B1A0C8A7EC22B6B1CA7CDDFCDB5B6575D2C373B3FD319265397637EB0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-.H..........." ..0.................. ........... .......................@.......A....`.................................x...O.......X.................... ......x...T............................................ ............... ..H............text........ ...................... ..`.rsrc...X...........................@..@.reloc....... ......................@..B........................H........l..D............................................................0..%.........}......{....(....}......&..}......*...................Z.{....,..{....o....*.**.(.......*>.{....%-.&.*.i*..{....-.s....z..2...{.....i2.r...ps ...z.{......s....*2.{....(!...*2.{....("...*2.{....(#...*6.{....($...l*2.{....(%...*..{....*"..}....*..{....*"..}....*..{....*"..}....*vr...p.(.....(.....(....(&...*..('...*V.((.....}).....}*...*..{)...*..{*...*...0...................~+...s,....-...**..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Security.CCAuth.Managed.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):102040
                                                                                                                                                                                                                        Entropy (8bit):6.181776210265626
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:eHu4qpKPsCH+pQFTn9NTLj2ij4tZYef+GNcknrM0+VGZ3es272fx:eHu1pAeqBLj2Y4tZY8+GN1Q0+VK3es2
                                                                                                                                                                                                                        MD5:7C3B3B9053410A66D8BD2E5E4F5CE6B9
                                                                                                                                                                                                                        SHA1:EB9E120ECCAF31E7ADC9951BFD23B3F5A89FBD90
                                                                                                                                                                                                                        SHA-256:92CD0E1C367FC3D33EA21CD171D6A96CD5B519F87FC6E0B3774766C1D148BD03
                                                                                                                                                                                                                        SHA-512:14C8F6BC9B2165677EB4E8D60DDB6F39DEA90B07C517B2B23324585626A79342EFD74726E720EBE66FDDA1AB6BF915B16CDFE5A573960E1C2AF614148ADC75DA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,b9..........." ..0..\...........{... ........... ..............................=.....`.................................O{..O....................f...(..........Hz..T............................................ ............... ..H............text....[... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................{......H.......$|.......................y........................................(!...*..(!...*:.(!.....}....*..{....*"..}....*..{....*"..}....*..("...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..("...*..{....*"..}....*..("...*.0..N..........(#...........s....}.....~$...}.....~$...}......oa...}......{....sl...}....*...0............o%......(&....*....................0...........{....~$...('...,'.{....(...+.{.....{....o.....~

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33696
                                                                                                                                                                                                                        Entropy (8bit):6.231047392784111
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:zOYJ7B7Vnjz6kKBZM6f4AT0H9ugW9dJLLYiO82Dih2MIh:fvz6kKB50H9Qh79xF
                                                                                                                                                                                                                        MD5:4D6943D8D13B30F0265D5B49F638994B
                                                                                                                                                                                                                        SHA1:A454398DE4270AC6E05CFBBA4949DD43471C67CC
                                                                                                                                                                                                                        SHA-256:308BE75CA81E9079739B86FD3C980F4D800380F6C8BFF11698319586BC157945
                                                                                                                                                                                                                        SHA-512:770675BE30EF8617A7EA295E08560B5B4C3F81765213458F0CC30DCF6B3DED2E1C24173DEB54A5C91CC2DCCF50F2238077C18F96BF7026171AC1F77AD836F4A4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&............" ..0..Z...........w... ........... ..............................].....`..................................w..O.......L............d..............pv..T............................................ ............... ..H............text....X... ...Z.................. ..`.rsrc...L............\..............@..@.reloc...............b..............@..B.................w......H........2...@..........ps.......u........................................( ...*..( ...*:.( .....}....*:.(!.....}....*...0.....................(....*v..sa...%.}0...%.}2...%.}/...*"..(....*.0...........s..............o....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.*..{"...*"..}"...*..{#...*"..}#...*..(!...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..N.............................($...(.......($...(.......($...(.......($...(..........*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.ApiClient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):54176
                                                                                                                                                                                                                        Entropy (8bit):6.2492470900196775
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:HJP21UEQiJ6m92/+HuUVYkQttg/Pdr7jVd3G7JF:t9hD/2P/Ctgt7jVd3Gr
                                                                                                                                                                                                                        MD5:1F798B602637B7A2B62DC690EA8D256F
                                                                                                                                                                                                                        SHA1:7FC31BEF80716F6B11487516FB77FEB60023EB89
                                                                                                                                                                                                                        SHA-256:2DBDB6EED5BDE4B0BCEEDCBF391ED1D1E2FC2DA5D8CACDF767F05A6C447997F3
                                                                                                                                                                                                                        SHA-512:FAE0B8D2D46CFE0AD1F30622900B56FE152EB05CA9D446BAFC1069843E0FD46C65BF13BAAF3683573688AC3CBC8FEF8BB20CCCD0CD87050AD129E346D1C95E25
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jJ/..........." ..0.................. ........... ....................... ......H.....`.....................................O.......(...............................T............................................ ............... ..H............text........ ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B........................H.......|K...{............................................................(....*..(....*:.(......}....*6..s....(....*&...(....*..r...p.o..........o....(.....(......}....*2.r...p(....*6.r...p.(....*2.r9..p(....*6.r9..p.(....*2.rY..p(....*6.rY..p.(....*2.rq..p(....*6.rq..p.(....*2.rq..p(....*2.r...p(....*6.r...p.(....*...0.._........(....(....-9.o ...r...po!...,..o ...r...po"...&.o ...r...p.(....o#....(....(....-9.o ...r9..po!...,..o ...r9..po"...&.o ...r9..p.(....o#....(....(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.ServiceRuntime.Configuration.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):52208
                                                                                                                                                                                                                        Entropy (8bit):5.771348667448451
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:VgR9rF4tyVNqL7XpSNgCY/XCafOzcsd6M55oPO6KcLI2NG2q+K7LQh3XZAnzg0f6:+R9rF1VY3KgCYJxZ2tFe
                                                                                                                                                                                                                        MD5:A742178EB45FE6B3E436BCC238A3D4F1
                                                                                                                                                                                                                        SHA1:B9334D20C189A9C6233DC2784F5620A2A05B9559
                                                                                                                                                                                                                        SHA-256:34CCD4263C519C7997D1E54C133EC564EC5E66DB171359D054DF1CF385149168
                                                                                                                                                                                                                        SHA-512:221885E4A86F638575A5B8B7A26FE403AD90FAEA9D4EAB65B56EA343E8970FBB779B898FDA57BC4C3966C4F3126AFA8DCA5F540B00DEAD9094A4AEBAA230EB37
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ............`.................................T...O...................................(...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........6.................................................................2...%.r...p.%...%.r...p.%...%.r...p.(....*....0..V.........Q.(....,..*.r...p(......o....,..o....o...../..*..o.....o....o....Q.o.....o....o....*B.-.rS..p*.(....*..0..........sp......}.....{....-.rS..p*.{....o......o....-...2...( ...(!...,$.{....o"...(#...-..{....o"...*ra..p*rw..p...o$...~....%-.&~......k...s%...%.....(...+...q...s'...(...+()...*....0...........~*...Q..3..*.,..-..*.o......o.......(+...,;

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Trust.Api.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):87536
                                                                                                                                                                                                                        Entropy (8bit):6.111938076439931
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:jCfpBpQtcqwCJcGSuim/PmJ64fZUTHcGdMySFFz:jDtc6e7J6eCLcUsd
                                                                                                                                                                                                                        MD5:BDEBD647563634D14843A38359229BA2
                                                                                                                                                                                                                        SHA1:90AFA212F92B9BFC26D86896FDDABD0621280FE6
                                                                                                                                                                                                                        SHA-256:988503384ED4407480709BC5A9F6F5CFADF69A7620BD0CAD71907590A58D3F1E
                                                                                                                                                                                                                        SHA-512:90337C75A1ED35B90F02D8A7E245F488C1F5AB0622F0DDF5998760342C7A7B81FCD856095557C4CF5B3C50A79DBD00F5BCA43B8B04889302FB43789C4A1ACF11
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V............." ..0..0..........RN... ...`....... ..............................~z....`..................................M..O....`...............:...............L..T............................................ ............... ..H............text...X.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B................2N......H.......x.......................pL........................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. Kg.. )UU.Z(.....{....o ...X )UU.Z(.....{....o!...X*...0..b........r...p......%..{.......%q.........-.&.+.......o"....%..{.......%q.........-.&.+.......o"....(#...**....($...*2......(%...*2......(&...**....('...*2......((...*2......()...*2.(*...(T...*....0..?.........(+...}.......}.......}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.CloudServices.Utilities.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35312
                                                                                                                                                                                                                        Entropy (8bit):6.1385439470086425
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:NjGs2lMuKrQeU5VUidIwSZIiJBZZJGeDG9f2MIhfs:FpuS/kqD3oFP
                                                                                                                                                                                                                        MD5:9CD397E9DF2189435499F1E3F1AD5CAF
                                                                                                                                                                                                                        SHA1:557D66809063A58AE36992B4AE198509A6DE3FBA
                                                                                                                                                                                                                        SHA-256:C31542D650690096817542C1AEDAEC11CCF6679BF2302BDCBCC8BEC5BAD19F1E
                                                                                                                                                                                                                        SHA-512:2E54F84806F400DFDD327E27BB98D44DFB7779D67A29F03EDA9F0F7C1E74FE0EDC8CB5621685FB5751B25B1D04DB69077F90FDA6C47CA90C028D6CF071CC78D7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&$............" ..0..d..........".... ........... ..............................VP....`....................................O.......p............n.................T............................................ ............... ..H............text...(b... ...d.................. ..`.rsrc...p............f..............@..@.reloc...............l..............@..B........................H.......x:...E..................D.........................................(....*..(....*.r...p(....*j.(....,.~....*.(....o....*.~....%-5&..=...%.r...p.%.r...p.%.r...p.%.r...p.%.r%..p.%.....*>.........(....*..{....*"..}....*V.(....-.s....z.{....*>..}......(....*F.(....-..*.(....*..0....................(......(....*"..(....*..s ...*.0..8.......~!....s".....s".......+....o#.....o$.....X....i2..{%...*.*...0...................*"..s&...*..0............('...~....((......()...j*..0..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.ConfigLogging.Wcf.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33352
                                                                                                                                                                                                                        Entropy (8bit):6.427785535016089
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:MyLKdKbuK4dbEqP470KpJimYiRv7AMxkEZ1:z2dKIdbEq657N7xt1
                                                                                                                                                                                                                        MD5:6F09F6A545763ED960BB506EF7CD3B24
                                                                                                                                                                                                                        SHA1:1F1DD34F934EA741D342A81C4D65CA68ED5BDB09
                                                                                                                                                                                                                        SHA-256:19BB4AD43271FED637274D9F2DCBC2B467CC924F9AF1F349E5E8CD0CE418A3CF
                                                                                                                                                                                                                        SHA-512:05CE7F41E6E8FBC91A344B0359BB9AEAF0CD61FC97B06D2166F7D8830820700F3B154216C807AC734FE7A692FAEC87D5A2FB63801B2F47FE7D4CC12052951163
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0..P...........o... ........... ....................................`..................................n..O.......x............Z..H(...........m..8............................................ ............... ..H............text...$O... ...P.................. ..`.rsrc...x............R..............@..@.reloc...............X..............@..B.................o......H........*...B..................Lm........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Configuration.Rest.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):516680
                                                                                                                                                                                                                        Entropy (8bit):6.130953718304825
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:uxW5Wby8kxWY/THWy6FBlYGlVdX/0PlWAtC5ED:oW5Wbq29eDtCuD
                                                                                                                                                                                                                        MD5:3EF6A52D7DE49CEA508220DA66168BAE
                                                                                                                                                                                                                        SHA1:01F18AD95D9A03577F8E0E16209FBBC9A358F68F
                                                                                                                                                                                                                        SHA-256:7D651C0CACF76CABA07754205B352BCAF0ECC038EF668781034F5560716CAC6B
                                                                                                                                                                                                                        SHA-512:8CE9AE6C9CFED39E96070B1E4E0A48030E65F297928BD5BBEDF1961126E200947222A7D1F7138FC4D824F4793CFF103976B3124888C3BF8BF7CA23CCAAFF2FAC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............6.... ........... ....................... ............`.....................................O.......................H(..............8............................................ ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...............................`.........................................(....*^.(.......Z...%...}....*:.(......}....*:.(......}....*:.(......}....*V.(......}......}....*J.{.....(....sy...*..-.r...p...[...( ...+.rS..p...[...( ...s!...*"..(....*....0..X.........("...,.r...ps#...z.o$.....^...%../.o%...r...p(&...s!....sA...%.r/..p('...o(...%.o)...*.0..0.......s^......}.....-.rK..ps#...z...._...s*...(...+&.*.sA...%.o)...%~....o,...%.(....o(...*....0..I.......s-...%.o....o/...%.o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.ConfigurationLogging.Rest.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):361032
                                                                                                                                                                                                                        Entropy (8bit):6.117358562289614
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:V+fBNu0mJZSfLhNgHzebqqT22W/i/JL6/Ui96V7h5tVHMQo0h+:T0cchKa+qT2/QnV7h5tZN+
                                                                                                                                                                                                                        MD5:B2149647BF8788D6839E59508B1BB47A
                                                                                                                                                                                                                        SHA1:0BF62D4B8A2974EA9AF1BA479A4FCEF54B473B7C
                                                                                                                                                                                                                        SHA-256:72DDE1CDEC92411E1687BFC968C876018E074E67D90E945CC0861383278B69D5
                                                                                                                                                                                                                        SHA-512:6DC1ABC0B4B9225A2C5A9BC7163D5227B35364D7D78DF92D2FE9D0CD0DC21D8C8866F835B65EE8F561188DCDEFE4558744BE1BB6E394D6FDC9DA20F5E781130A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..P...........o... ........... ..............................H{....`..................................n..O....................Z..H(...........m..8............................................ ............... ..H............text....O... ...P.................. ..`.rsrc................R..............@..@.reloc...............X..............@..B.................n......H.......8....h..................4m........................................(....*:.(......}....*..-.r...p...P...(....+.ra..p...P...(....s ...*"..(....*...0..X.........(!...,.r...ps"...z.o#.....S...%../.o$...r#..p(%...s ....s+...%.rg..p(&...o'...%.o(...*.s+...%.o(...%~....o)...%.(....o'...*....0..I.......s*...%.o+...o,...%.o-...o....%.o/...o0...%.o1...o2...%.o3...%.o4...s5...*6..(....sK...*.s+...%.o(...%~....o)...%.(6...o'...sK...*J.......(...+sK...*B.....(...+sK...*6..(....s..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.DelegatedAdmin.Rest.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):440904
                                                                                                                                                                                                                        Entropy (8bit):6.118351987266528
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:VO6kFcGT4KDHWz6tGCT7TIBova84aVbYY:VjkWGMKtwFova8dVbYY
                                                                                                                                                                                                                        MD5:9645B3160835ED4CF5113B4F4CFC7A37
                                                                                                                                                                                                                        SHA1:37B2DB9ADA0CBCA46FF1F13C20F8B54FE7D18B9E
                                                                                                                                                                                                                        SHA-256:0140047657716C8C0FB1FC2BD48051E285A2052A53C6ACB848EFC7EA1617F9EA
                                                                                                                                                                                                                        SHA-512:F9C1369CE4A1DF0FE490922543B4F89F3A335C38D7A2D478CD205B18B7948216ACF02DF33EB568B2223A4B72585311B3B23D051D75FF8BF32E1E331C8C25C259
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............R.... ........... ............................../V....`.....................................O.......h...............H(..............8............................................ ............... ..H............text...X.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B................4.......H.......H...4...................|.........................................(....*:.(......}....*.r...p......%..-.r%..p+.r/..p.%...%...M....%.r;..p.(....s....*F......(...+sm...*.s....%.o!...%("...o#...o$...%.s%...o&...sm...*.s....%.o!...%("...o#...o$...%.s%...o&...su...*F......(...+s5...*"..(....*.0..X.........('...,.rq..ps(...z.o).....U...%../.o*...r...p(+...s.....s....%.r...p(,...o&...%.o!...*.0..u.......s-...%.r...p.o....tN...o/...%.r-..p.o....tN...o0...%.rC..p.o....tN...o1.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Diagnostics.Tracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):310344
                                                                                                                                                                                                                        Entropy (8bit):6.040417723444373
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:FyY81LaGPE0piO8YphUxuY9NQ57lp/4L8F:FaYGhDAH8RF
                                                                                                                                                                                                                        MD5:5350A0357CF1B34FDAC85728CC906BCD
                                                                                                                                                                                                                        SHA1:B773FA0DAEAEB087DE04D9423A0E344A6A35AC60
                                                                                                                                                                                                                        SHA-256:95D5E08BF509D36D64A9073040DB7AD9A37898C587BDCB1DD4E9DAB86BB77EEC
                                                                                                                                                                                                                        SHA-512:0F803D00273574B7597DD3E4F44962DF6F563466B7F99DFB54EF2DB92D5E0A5500B94214EF72746B5EF7CE6E8F5CAEF03CF347FD81EAAF8F4E448E6FBCE223CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]O..........." ..0.................. ........... ...............................M....`.................................V...O.......................H(..........t...8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.........................................................................(>...*:.(>.....}....*Z(?...o@...r...p.oA...*.~....*B.%-.&r...p.....*.~....-"(B...%-.&(C...oD...oE...(F........~....*.......*..(....*"..(....*..0..>.........(+.........(G...oH...(,...(......,....(.......(....&.(,....*..........'/........(....*V~6...,..(....*.(....*...0.._.......(I...,.*.~....(....(J....~K.....oL.....-..-..-....-..rG..p.(.......+...r...p.<(......r...p ....(.....-........0......(M...r...p.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Monitor.BrokerCodes.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22600
                                                                                                                                                                                                                        Entropy (8bit):6.68897262137502
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:I4TjvqnFpvLZ9plHlMXENticTeJ7tIYiArevwAAM+o/8E9VF0NyRHP:dfynLvLrpllMXEPicTeJ76YiRvwAAMxD
                                                                                                                                                                                                                        MD5:F2E22C0C19BBE475C93ED006186D7BDB
                                                                                                                                                                                                                        SHA1:BF19B931EDCB655385AE61BCCF0F595A3CC5C925
                                                                                                                                                                                                                        SHA-256:E8FBC3F1772019427017814FD5502AB479A803CA8065236B45177E4EF3A7AF4C
                                                                                                                                                                                                                        SHA-512:56A62D6A9B34DEB409DC167EAA1E6513B7EFBEEE195C76B41C4BE5AE3C8F68D837FC8445A2C54C1C8F33D404EB91DC829AD7F84F14170A424E92FBC462E38857
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..&..........JE... ...`....... ....................................`..................................D..O....`..x............0..H(...........C..8............................................ ............... ..H............text...P%... ...&.................. ..`.rsrc...x....`.......(..............@..@.reloc..............................@..B................)E......H.......x!...!..................\C........................................(....*:.(......}....*..0..b........(......(......(......(.......(.......(.......(.............o....(.............o....(.......(....*..(....*..{;...*"..};...*..{<...*"..}<...*..{=...*"..}=...*..{>...*"..}>...*..{?...*"..}?...*..{@...*"..}@...*..{A...*"..}A...*..{B...*"..}B...*..{C...*"..}C...*.BSJB............v4.0.30319......l...`...#~......H...#Strings............#US.........#GUID...(.......#Blob.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DelegatedAdminInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23624
                                                                                                                                                                                                                        Entropy (8bit):6.617203542361436
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:QASxhVxf+X5mQbLWpVUmhGS/jKsRJETIYiArevOAM+o/8E9VF0NyTFe6tj:QASxhXWdepdjjKsRJEcYiRvOAMxkEFtj
                                                                                                                                                                                                                        MD5:FE7E00CBD73D645CA772A8BB4B44F931
                                                                                                                                                                                                                        SHA1:EBD962F311AC7939421CB60473ADD6BB6A997433
                                                                                                                                                                                                                        SHA-256:FEB2609DDE49CCB1B322B0696EB5FDE6F44103056DF8BC121FF580D1D05BDE8A
                                                                                                                                                                                                                        SHA-512:F87ECEE4B7C3F051A71112763A18A950CB4D392000AC56307DFB938A7444DF83139F99B2F69ED4869239E2D0175DA2D7A34D4E95D4E7C60A3638ED8419B6232C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O..........." ..0..*...........I... ...`....... ..............................qt....`..................................H..O....`...............4..H(...........G..8............................................ ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................H......H........'...................... G........................................(....*:.(......}....*B...(......(....*>..(......(....*..{....*"..}....*....0..Q........~....}.....(......(......%-.&......%..{.........s....(......%-.&(...+s....(!...*6~......s....*B...s....%.o#...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(.....{....o....,..( ...o.......*.*...-..+%.~....%-.&~......?...s ...%.....(...+()...*...()...-.("...r...p.(....(#...s....z*...(%...-.("..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36936
                                                                                                                                                                                                                        Entropy (8bit):6.404693872371105
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:/o11h39WTWgWD9qLRfi3s0dU7vGV8xt5BPJJqYiRvUAMxkEi:A1j9WTduavGVOa7NyxO
                                                                                                                                                                                                                        MD5:38E40CE296F08065E7D8A100923F1694
                                                                                                                                                                                                                        SHA1:52F9C33D3ED7C18E70A8381D369EB96B98E11725
                                                                                                                                                                                                                        SHA-256:AFE1640A792B26F75D0D1179B4B4702AE505B58E910F10014AB9502969DF31AA
                                                                                                                                                                                                                        SHA-512:C2965D6AD7EFCA412F792810FE62A76B9B461FF9B431B4E064202DD6B976C250691BC29CA2B5CB95A2DC427FBD6FFC85C8B6632A951325F079F6AA762DD9DC12
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?............" ..0..^...........}... ........... ..............................f6....`..................................|..O....................h..H(...........{..8............................................ ............... ..H............text....]... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B.................|......H........9...A..................,{........................................(....*^.(.......6...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..9........(......}......o....}......(....}.......}....(....,4........s.....#.......@(....#.......?(....s....}.....s....%...#...s ...o!...%..."...s ...o"...}.....,Y.(...........s#...o$....(....... ...s%...o&....(....~N...%-.&~M.....U...s'...%.N...o(...*.(.......(...s#...o$....(.......)...s%...o&....(...........s'...o(...*..{

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCommon.KeySharingInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.773016304810786
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:PmaBlZ96hdZx/JZRWIYiArevtxAM+o/8E9VF0NyscV:eaBZ6hdZx/JZtYiRvfAMxkEB
                                                                                                                                                                                                                        MD5:39FC74A08B7AD5D5CE967BD67BD1C4EB
                                                                                                                                                                                                                        SHA1:D8ED5C27AB1C1F3017D39EBDCD20A032DB14A77B
                                                                                                                                                                                                                        SHA-256:A817A71956D02D904954C6D85F121BB58991038F7DD3C9CC12481C4B6940221F
                                                                                                                                                                                                                        SHA-512:666D3E29E9F5CCB9EDC548A69090860A0CB676F360F55257196ABCA731825EEA875D1F3177CFBAB1D08F3B63F857C677863620EBFB5ADBF572AA42F3F52D16A5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V............" ..0..............0... ...@....... ....................................`.................................p0..O....@..................H(...`......L/..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......p ..\.............................................................(....*:.(......}....*..(....*.BSJB............v4.0.30319......l...$...#~..........#Strings....H.......#US.L.......#GUID...\.......#Blob...........W..........3........................................................................D.................'.....(.7.....7.....7.....7.....7.....................s.7.....7.........X.7.....7...?.$..............._...........d.....}.....Q.....}.....6...................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.ServiceCore.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):30792
                                                                                                                                                                                                                        Entropy (8bit):6.475917789551404
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:lpJgvVMRkMZ/f+B7L31trTPJ7vYiRv/jDAMxkEU:9gNMGK3Ef3PB7N/jjxY
                                                                                                                                                                                                                        MD5:CC68B0A045058CA43F9F1322F1291E89
                                                                                                                                                                                                                        SHA1:C108420E68E21B1F2385FFDAF1F34F36200D02C0
                                                                                                                                                                                                                        SHA-256:F20CD75049852C9FEBA7F92245668387C274E782346ED158C9C895551C748C3A
                                                                                                                                                                                                                        SHA-512:710651DF6D2ECE7DC777CBFD4018D192746CCE92CD48D8CA5EBE8095DE2767A9B4A2A5A817FAD3F8F37CD33F11837D6F5E967985B7B143511E796B43B0F7B44E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N............" ..0..F..........Vd... ........... ...............................q....`..................................d..O....................P..H(...........c..8............................................ ............... ..H............text...\D... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................7d......H.......p(...:...................b........................................(....*:.(......}....*r.(......}......(......(....*.~....*..0..$........{....%-.&.~.....{....o...+%.}.....*F~.....{....o ...*...0..5........o!........("...(#...,..{..............o$...*..(&...*....0..8.............u....,#......u..........(%....{.....o&...*..(...+*J(%....{.....o&...*..()...*"..((...*.0..P............("...o'........s(....r...p.|)...(...+-.~+.....,...s-...+........s-........*..(/...*..(/....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Fma.Sdk.Utilities.Sids.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25672
                                                                                                                                                                                                                        Entropy (8bit):6.464625409558362
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:3kcmSHTPtw5Loah7dm4FpXj7Jr4/YiRvCaAMxkE58:3kGaPJjg7Nvxl8
                                                                                                                                                                                                                        MD5:38F7B016E9200F55AFE341D4380CF1D7
                                                                                                                                                                                                                        SHA1:64C2DAD552BCE32270BA44E92B96E2742777F2E5
                                                                                                                                                                                                                        SHA-256:751AC00FE46DBE46F1063A9955C462CC32740BEDCF83C061A322CE7E323DCD9D
                                                                                                                                                                                                                        SHA-512:69EBA43B1E075C1FE8F6983D7A023475555247C641B2797352515F0269FD89EBEA860B905EFA345EAC34E530A8E50362840FF455254A7BA63E1D48C00B8B7592
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0..2...........P... ...`....... ..............................dG....`..................................P..O....`...............<..H(...........O..8............................................ ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H.......,*...$...................O........................................(....*:.(......}....*v..(....,..o....r...p.o....*.*....0...........(....:.....r...p.o....9....r...ps......r...p(....o....(.......(......$.........( .....+..,...-o!...&....o"...&..X...2..o#...s$......+..r1..p.r...p(%.....s&...zr...p.('...s(...z..*........j.......2.(....(....*....0...........(....9.....o....r...p(....o......(...%..-.o)...~....%-.&~......"...s*...%.....(...+(...+%.i...r...p.(-...s(...z...+

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.HCL.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.641765707043487
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:fEF5H8cTNlAlsys5y/pSU96ppG7JewIYiArevVAM+o/8E9VF0NyHiscMQ:f6BDBQIvppG7JeZYiRvVAMxkEsB3
                                                                                                                                                                                                                        MD5:F09C4821B3E7C25CA445E8A16324B79D
                                                                                                                                                                                                                        SHA1:A61C27BABF80BE9EA13E087EE4EB59167EF98248
                                                                                                                                                                                                                        SHA-256:1AD2203660F8B15635F95C90F45634861AB4F782FE647C7977C76125C5CDF533
                                                                                                                                                                                                                        SHA-512:E2E5E49CD926B140C9B120F6FEB38778D2F96B3B1B6A55F54D96C92B0DFB892CB3EA98316F9EC6E32C8B8F16AC77CA966E5AAE585AB75D220DDD55373F055EE0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........C... ...`....... ....................................`.................................0C..O....`..t...............H(..........4B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...t....`.......&..............@..@.reloc...............,..............@..B................dC......H........#..4....................A........................................(....*:.(......}....*..(....*~.(......s....}......o....}....*..0..+.......(....%%-.&.........+.(.....%-.(......s....*R.{......(.....o....*.0..}................-..+..o....( ...-....o.....o!...("...(#.......(.......(......-..+..($...-(.,%.o%......(&...,...o%......('...((...&.*....0..$...........()...-..+...(*......(+...(,...-..+..-.(-...+.(.......()...9......(/.....(0.......-'.{......(.............$.....o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Host.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):70728
                                                                                                                                                                                                                        Entropy (8bit):6.238526859520823
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:jl6l9mlTJepMTDAJpzEXAXcmHhcZmXvv2NPPyC7euhU9AVudkyhT0oGXz112s/iv:x8sx8p6D8YQ+u2ddKOJuyyUIk7NSxz
                                                                                                                                                                                                                        MD5:4460F282AB39F229C6A944EACDFA8BE0
                                                                                                                                                                                                                        SHA1:75FF6D5732C155AE88B4A3AD48842F004E338414
                                                                                                                                                                                                                        SHA-256:37F866CAA8475919429B277FAF9D9984515976DDC016C18D15E69EB311E917A4
                                                                                                                                                                                                                        SHA-512:FD5C8ABC2138A11BE3B65DEB34A5E9DA51EF14ED96422E8E32FB1F8BE8133D8BA6D5BB4FDFBF25E60D87FA97A0A2933157D6CBE7E6226F4389A44EC6DDED967E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....K..........." ..0.................. ... ....... .......................`.......(....`.................................?...O.... ..0...............H(...@......H...8............................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B................s.......H........L................................................................(....*:.(......}....*&...(....*....0..g.......s.......}......}.....(......}............s....s....}............s ...s!...}............s"...s#...}....*..0..2........{....o$.....oF......&.{....o%...r...p.(...+.....*...................0..2........{....o$.....o;......&.{....o%...r...p.(...+.....*..................:..o.....('...*^.,..(....,..(....om...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):164936
                                                                                                                                                                                                                        Entropy (8bit):6.100857885492078
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:eJpRHj1BkhNei0862FL+Ht/PYx5XYj60zFpRfKwPddAv0EPXE7zwlZ6iiofaKKMw:KppQe18KtMYD+jfEGEhJ
                                                                                                                                                                                                                        MD5:8B5BF5E2109CA772DC88C468F534B69C
                                                                                                                                                                                                                        SHA1:6EAFC9A2FFE2ED123EC9395A6D8290BDAE23BD65
                                                                                                                                                                                                                        SHA-256:2026A8BAF4E0B78004E8CE02C81A64910BFA0013D4F24736ECFAE416A17AC5B1
                                                                                                                                                                                                                        SHA-512:12CF80D7902B0CA0C9F10DAB67ABE9D3DAC27107025459E7782AF09181F7956628B697C496F605A192D163F2B40F5BB310507D810E1CFBA33B94919A232D67D5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ts..........." ..0..R..........Zp... ........... ..............................B.....`..................................p..O....................\..H(...........n..8............................................ ............... ..H............text...`P... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B................<p......H...........l...................ln........................................()...*:.().....}....*"..(*...*.0..g........-..+..(....,E.{+.....(,....................%..o....o-....s..................o/...*.{+.....(,....o0...*"..(1...*.0..P........(2...}.....(3...}.....(4.....}.......}......}......}.....~....}.....~....}....*.0...........(2...}.....(3...}.....(4.....}.......}......}......%-.&~....}.......%-.&~....}......-..+...o5...(6...-....}....*.(7...%-.&.+.(8...(7...%-.&.+.(9...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.HostView.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66632
                                                                                                                                                                                                                        Entropy (8bit):6.259122314877503
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:5hfMi/4eO+1Gjzrf5HQS4QdmprkelESo0FKfebbkTSH9H53H4SGyZBDAYEZaI8OG:5hkiH1IzrPLmWemekWHCI6QhO7NnxIt
                                                                                                                                                                                                                        MD5:A4D232C7CD55DB9572976DF362B84A5E
                                                                                                                                                                                                                        SHA1:6B99482C81707B3F130B3B4D4C685FAE19DC90F3
                                                                                                                                                                                                                        SHA-256:7263CAA4F4A97D5C799A62F6363ED97B21ACE1E760E93C47DCD1689D033D1B28
                                                                                                                                                                                                                        SHA-512:8C401C7CB1DB4B8D9955234FB082ABD3639953260C8A1050BEBF0506BACA3D2F9754D0C7C0C4CFA8E1A5488550F3B68B6FFDE0F7B672245294CEFEF77675EC1E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R..........." ..0.................. ........... .......................@......".....`.....................................O.......................H(... ......p...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........;................................................................(....*:.(......}....*..,6.o.....o.....o.....o.....o.....o....%-.&.+.(...+s!...*.*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..("...*..(".... ....(..... ....(......( ...**....(....*r.(".....(......(......( ...*..(".....o#...(......o$...(......o%...(P...( ...*..{....*"..}....*..{....*"..}....*..{.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Models.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22600
                                                                                                                                                                                                                        Entropy (8bit):6.641758028170825
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:yBMFcXKGSGC0BnhretBvE5G5rJhoIYiArevaZHTAM+o/8E9VF0NybZj:iUcXbjthrKFE5G5rJhxYiRvaNAMxkEL
                                                                                                                                                                                                                        MD5:749212B058ABED51628D55162FD2DDB9
                                                                                                                                                                                                                        SHA1:6B7EB15CDDA438B6638AE13C0108A6A629A32401
                                                                                                                                                                                                                        SHA-256:ABA2D87AFD0B997EE6C38E91E9DE732156C7256F23B92E3CF10518E1A66098FB
                                                                                                                                                                                                                        SHA-512:E61A94F2A8EBB0993F02B9D6BACB27ACFF46245D92B47D589CD18DFF805177E909D070655A6348F14D12932CC293A44EAAFEE6A3D538DE39A72E5750E4B78D6F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..&...........D... ...`....... ..............................:R....`.................................4D..O....`...............0..H(...........C..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................hD......H........#.......................B........................................(....*:.(......}....*..0..d........(......(......(......(.......(.......(.......(.......(.......(.......(.......(.......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*r.(......}......}......} ...*..{....*..{....*..{ ...*.......%.r...p.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):77896
                                                                                                                                                                                                                        Entropy (8bit):6.279842647751867
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:KTu1lirCE6WbHQiTvkETvHjH2HuCSSl17NQxu:KTYWCtawiTkW7HIuCSSl1hx
                                                                                                                                                                                                                        MD5:C951CB54E676F4FFF8F63F1C70CB1D35
                                                                                                                                                                                                                        SHA1:836FD9BC87CCA73962957BB5CB66C9D73E713038
                                                                                                                                                                                                                        SHA-256:084EF1BB4A492A84BFEEDB8FB56967034C04DA83F71112E0277001FEFB813D13
                                                                                                                                                                                                                        SHA-512:7EAD654563698C81970C658F3C0BCD4770D0718C5C20CFA651EED8C1CEA5F58E13482EF1DE5F622BBE835BCA8C2455AF3D1F1E96482BCC59E59FF3BA92BE7120
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`............`.....................................O.... ..................H(...@..........8............................................ ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......tQ......................(.........................................(....*:.(......}....*V.(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..;........(....(....,..*.(......(...+,..*(....r...p.(....(....s....zR.........o....(....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(....*:.(......}....*...0..x.......( ....o!...-..{....ra..p.(...+r...ps#...z( ....o!.....($...,..{....rC..p..(...+.*.{....r...p.( ....o!...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.Wcf.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):284744
                                                                                                                                                                                                                        Entropy (8bit):6.073141433492261
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:KTKRVCGM8QYTxIHZHpXDcDHyt2V31CDDc1z4sxPX5k9ztuOw37VJ5hH:KeiGNyHZHQStS3cDDc1vxPpiztunxH
                                                                                                                                                                                                                        MD5:FD605A6D980CA8F8CFAE450F8EE32267
                                                                                                                                                                                                                        SHA1:6FD00AB7F9F3D88685C2FE7822AB1882D3BEF07E
                                                                                                                                                                                                                        SHA-256:E910F464058B4764FE42D60C6278F1DB87DE2DC6E707B72AAF4491643CE50DB3
                                                                                                                                                                                                                        SHA-512:BA21A06056923AB35B16395EA02D48EB0736A961D796CCBE7EF930959EFFB0F7C2C58E7AB4A6EBC3B02269856CD1266583AF97932F38915439B97D6650030786
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....x..........." ..0..&...........D... ...`....... ..............................8j....`.................................FD..O....`...............0..H(..........0C..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................zD......H........v.......................B........................................{$...*..{%...*V.(&.....}$.....}%...*...0..A........u........4.,/('....{$....{$...o(...,.()....{%....{%...o*...*.*.*. |_.. )UU.Z('....{$...o+...X )UU.Z()....{%...o,...X*...0..b........r...p......%..{$......%q.........-.&.+.......o-....%..{%......%q.........-.&.+.......o-....(....*..{/...*..{0...*V.(&.....}/.....}0...*.0..A........u........4.,/('....{/....{/...o(...,.()....{0....{0...o*...*.*.*. L..y )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.HypervisorCommunicationsLibrary.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):62536
                                                                                                                                                                                                                        Entropy (8bit):6.0676641896646695
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:kuOV3mTNB8O5f+CPzkSMYUvjAYH2KwwfkMImHTxabBTWJ7lYiRvPAMxkE+d:8V3mTN9MYkSMYzM/HTQQL7NPxid
                                                                                                                                                                                                                        MD5:D5813C8F21AB51392CEECDF3D731FE0B
                                                                                                                                                                                                                        SHA1:8F76EF7FB89A227FA2496E554268F69F8A572683
                                                                                                                                                                                                                        SHA-256:EFFFD732EE1DA5574625402B0DA7DCE923457682D11B468CF52EE72E459E470A
                                                                                                                                                                                                                        SHA-512:2C2620C09208CE74D542947010D0E502203286E44E5B5417758CCF597D55FACA784818B6BD5B0F6CBAF0078EC66F752CB7B09C7C9E78EA0947C0DB86DF6D51D0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R..........." ..0.................. ........... .......................@............`.................................v...O.......................H(... ......h...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......X!................................................................(....*:.(......}....*:.(......}^...*..{^...*~r...p(.....w...re..p(.....x...*..(......}.....~....}.....s....}.....~....}......}....*....0..'........(#.......+......{.....o......X....i2.*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*.BSJB............v4.0.30319......l....R..#~...R..$O..#Strings............#US........#GUID..........#Blob...........W..........3........A...Z...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.IconConverter.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):71240
                                                                                                                                                                                                                        Entropy (8bit):6.214247664726001
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:tKxvcK/oaUoidIrIo8CQ70Cf1wDuHoHaglonFHs91jMI4vqsPBS+E36T7NbyxF:twB/oaUBSR8KHaWKHS1p9se36Th4
                                                                                                                                                                                                                        MD5:5FEBF1097C8A030C6556A467EB622CDD
                                                                                                                                                                                                                        SHA1:1D21816D8324BE8B9CFECD1B4306A8A6AD9A8A0B
                                                                                                                                                                                                                        SHA-256:5E8865A2D3FBCE0C075040B0E27DB13BB3110169E07C9824B0C5E8CA3F4A92E0
                                                                                                                                                                                                                        SHA-512:BCFED8FABFE6A601A097992557062BDA15AF97CF87082EF02F17F3AA117DD6D7E64632F6827F949C94D22FE39DDEE577DF89AB7A2700478E61E287E54982B2DF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^y............" ..0.................. ... ....... .......................`............`.....................................O.... ..x...............H(...@..........8............................................ ............... ..H............text...X.... ...................... ..`.rsrc...x.... ......................@..@.reloc.......@......................@..B........................H.......xy..............t.......d.........................................(&...*:.(&.....}....*..0..A........-.r...ps'...z.s(....s)......(.....o*.......,..o......,..o......*............+.......... 5........-.r...ps'...z.-.r#..ps'...z.(.....o....*...0..#.......s).......(.....o*.......,..o......*..................0...........-.r=..ps'...z.-.r#..ps'...z.o+......(,....2;.o+......(-....2*.o+......(,... ....0..o+......(-... ....1.(\...r=..ps....z.o+...~....(/..., s......{......(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):83440
                                                                                                                                                                                                                        Entropy (8bit):6.066122239374408
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ayQGdbpU5ZnjFU3fqBc/cqG16sf3j1ttQjYCvuAzDA8t1IF+:mZnjFU3C8G1zfTLtQusJHq+
                                                                                                                                                                                                                        MD5:606408A49FBA21418B623AA323238B02
                                                                                                                                                                                                                        SHA1:3DE6A999671F33563233E8209FC798B804F8DE95
                                                                                                                                                                                                                        SHA-256:CCF44659A39915728D8AC39223F1BA6A8808EBB72C716A6F68BC6C2C77EA3A2D
                                                                                                                                                                                                                        SHA-512:738FDCD6AB273A20E6304227DA88C14301A25B01FD6F66240C9DFD251C0A4B235553A10E7D8E4F1D2E3F77357A66F4F494B733B3731A2A53AB7DBDC5098AA0CD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>E..........." ..0.. ...........>... ...@....... ....................................`..................................>..O....@..|............*.......`.......=..T............................................ ............... ..H............text........ ... .................. ..`.rsrc...|....@......."..............@..@.reloc.......`.......(..............@..B.................>......H........X..t....................=......................................F......(....(....*...0..]........(......r...po....(.....r...po....(.....r...po....(.....r7..po....(.....rI..po....(....s....*....0...........t......o.....r...po......o ...o!....r...po......o"...o!....r...po......o#...o!....r7..po......o$...o!....rI..po......o%...o!....o&...*..('...*:..s(....(....*...0...........()....-.rk..ps*...z.o....(+...,.r}..ps*...z.o.......(,...-..r}..ps-...z.o....(+...,.r...ps*...z

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Logging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):48624
                                                                                                                                                                                                                        Entropy (8bit):6.122766914898859
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:cYxJGSFz3+B4eJ6mMVN5OZs0eV4M+rk0DpJF/Hp+mAZrnbjwAtPGZEJBqDGKh2ME:cVSFT+B4eJ6mMVN5O20eVSA0DpJFsp3D
                                                                                                                                                                                                                        MD5:C2DA95E32846009C207C88683AB1E93C
                                                                                                                                                                                                                        SHA1:C023348F54F45DFC0C377A02A966C11EE275C8A6
                                                                                                                                                                                                                        SHA-256:E62111FF9890E9940B136F1E81CDB24E9C12FC59CACDC65291A66E749D9EB633
                                                                                                                                                                                                                        SHA-512:92790658B3E128E5D67F76F25DA3077D3A70CA466EA8A1FDB9B34BC56A76171FFB85FE5ACBE80E3DA2AB89C81D681231AFDC5E64F2A4CC847AA41BB1B5DB1559
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:.C..........." ..0.................. ........... ...............................{....`.................................b...O.......|...........................`...T............................................ ............... ..H............text........ ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B........................H........D..$q...........................................................{%...*..{&...*V.('.....}%.....}&...*...0..A........u........4.,/((....{%....{%...o)...,.(*....{&....{&...o+...*.*.*. ... )UU.Z((....{%...o,...X )UU.Z(*....{&...o-...X*...0..b........r...p......%..{%......%q.........-.&.+.......o.....%..{&......%q.........-.&.+.......o.....(/...*..('.....%-.&r;..ps0...z(......(....*..{....*"..}....*..{....*"..}....*....0..$........{....%-.&.rS..p.(....(1...%.}.....*>..s

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.IdentityManagement.Utilities.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36848
                                                                                                                                                                                                                        Entropy (8bit):6.172562536701344
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:du5gx2zUnoY8CkujdjPR6ZNd+XELZqJcHDGLg2MIhvOS:oSx2zUo9QjL6ZNdxAkFc
                                                                                                                                                                                                                        MD5:2280739C48078E052C60617372D75575
                                                                                                                                                                                                                        SHA1:3A4A554900C50AAC48FB8201CBCC7724A5F30029
                                                                                                                                                                                                                        SHA-256:40286E44BFC627405F4A56063547E88D5F385D1D3F1F9CD07E9D3229021363B9
                                                                                                                                                                                                                        SHA-512:2914EED1D665B5E2A4EE66AED5CF9E2AA4CE370CEA1EECB6AD69AE0927C2C39CAE14879EC38E08FB911A7ABEEF4A67C749862E44E07543E32EDFF4E43BE05761
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....kN..........." ..0..j............... ........... ..............................Z.....`....................................O....................t..................T............................................ ............... ..H............text... h... ...j.................. ..`.rsrc................l..............@..@.reloc...............r..............@..B........................H.......h7...N..................@........................................0............(.......(.....*...................:..(.....(....*..{....*"..}....*j.(....,..(....o....s....z*..0...........(....,.*..(......o......&..*.....................(....*..{ ...*"..} ...*..(....*:.(......}....*..{....*V.(......}!.....}"...*..{!...*..{"...*..(#...*Z..($.....(......(....*b....(%.....(......(....*....(&.....r...po'...(......r...po(...(....*..-.r1..ps)...z.r...p.(.........o*....r...p.(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.MachineCreationAPI.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):61000
                                                                                                                                                                                                                        Entropy (8bit):6.244799465732791
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:BG/KZYMUCQyGO9leMNjQfdcteovjYsnxawXZ5ScjJu5syKsFX8nJ0aYiRvbhAMxw:c/Uiile2Qfd8Tssnwc9j0NOr7NNxw
                                                                                                                                                                                                                        MD5:3576D847768ADF848044315663505C72
                                                                                                                                                                                                                        SHA1:B68D9318467A9FC6F5652A8F19707E9F0538A632
                                                                                                                                                                                                                        SHA-256:B47993ECC7379125B0F2E2B2007F4255449CBF0D6352FB8AAB18DEE48EE181D0
                                                                                                                                                                                                                        SHA-512:DC6B8D18693E3532BC9700CF2E50F4271750071542DD720F6E00230539BA47BC1BD1E65DFEE94F70397A53CEF0BEC608219199E9F2524AA54CD6D527604D0908
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]&..........." ..0.............2.... ........... ....................... .......E....`.....................................O.......T...............H(..............8............................................ ............... ..H............text...8.... ...................... ..`.rsrc...T...........................@..@.reloc..............................@..B........................H.......L2.. ...................l.........................................(....*:.(......}....*.........(.......}.......}.......}....*..{....*..{....*..{....*r.(......}......}......}....*..{....*..{....*..{....*..{....*..{....*..0..K...............(.......}.......s....}.......}.......}.......}.......}.......}....*..{....*..{....*..{....*..{....*..{....*..0..T........(......(......(......(.......(.......(.......(.......(!......(#......(%......('...*..{....*"..}....*..{....*"..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.HostView.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33864
                                                                                                                                                                                                                        Entropy (8bit):6.502610185197789
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:aNRXcVvCnsXHDi9lM89jFg2ytoLPJTGYiRvTAMxkEH5S:4pcdbHATgsY7NTxzc
                                                                                                                                                                                                                        MD5:F3B5BE66E777DC42B3F0798BF51EC802
                                                                                                                                                                                                                        SHA1:967B30C441A8902542A1ECAB1B9C2056629E2FB1
                                                                                                                                                                                                                        SHA-256:15155431B83631305B7D639FF7ED5471068739F81928238E034F127FD0C3123E
                                                                                                                                                                                                                        SHA-512:C7A8C8BB130758743D0278295A3D4E215B43F39BCD2745977A9D4B10858E1B9594CD1B03BA23C56FF5B2CE756F2029B2F01F4ADD0F9872E07A33E8D1F3C0FCA4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...7............" ..0..R...........q... ........... ..............................X.....`.................................0q..O....................\..H(..........,p..8............................................ ............... ..H............text....Q... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B................dq......H........*...E...................o........................................(....*:.(......}....*..0..Q........(......(......(......(.......(..............(..............(..............(....*....0..D........(......(......(......(.......(.......(.......(.......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..........(....r...p......%..(.....%..(..........%..(..........%..(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachineAPI.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):47688
                                                                                                                                                                                                                        Entropy (8bit):6.2881347196202135
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:lQ/JVp7EXv/COD6IaUNHtAS3poDL1XHASQlAlM0gGT9VoO44JwXYiRviAMxkEy:gpQVaU9tAeolXHoF89Rm7Ngx2
                                                                                                                                                                                                                        MD5:57558DF83002CCCE7282E82375D6CD23
                                                                                                                                                                                                                        SHA1:8E4CB4D77FD62A8D43E8A834360C5A6C4CF566C0
                                                                                                                                                                                                                        SHA-256:8989BCEC431B647830031533077A8290762F90A2126D2EC922BA6F38F837A825
                                                                                                                                                                                                                        SHA-512:DB3FA5101A3C8913B4754BC297F3516E3A34DA41F0CFCF8FF8679A77DCC39D135C3B02656D5B8F03479F5751F5519502EBAC3871BD7A1BA87B6327EDFF1C210F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H............." ..0.............j.... ........... ..............................&.....`.....................................O.......T...............H(..........$...8............................................ ............... ..H............text...p.... ...................... ..`.rsrc...T...........................@..@.reloc..............................@..B................J.......H.......D-..`w............................................................(....*:.(......}....*..0..Q........(......(......(......(.......(..............(..............(..............(....*....0..D........(......(......(......(.......(.......(.......(.......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..........(....r...p......%..(.....%..(..........%..(..........%..(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.ManagedMachinePluginFinder.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):40520
                                                                                                                                                                                                                        Entropy (8bit):6.22192591496667
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:DHbA4kaAGKBFj/srzLtRyk9bKTRMz43cK3O79tQjPJrMYiRvnAMxkEj:2hGq9krvWkaa7NHxv
                                                                                                                                                                                                                        MD5:CB8206456D2C43EDFDBF608FA3203010
                                                                                                                                                                                                                        SHA1:D3F641C2C23E38F6EDFCD59E87B29F98D56465E9
                                                                                                                                                                                                                        SHA-256:BD490CB3AC778C00FF76D6401DDDD18E43C76BDC7790453C3DCFFFCDB22DE15B
                                                                                                                                                                                                                        SHA-512:6EC092D9AFE6F2D1180FCF8935BA964BAB57EC18F95C74E378DA86F40B15171F94A3F86867760F659C1014B6DE8DF4CE28902CE7669151DE4A2B4B9873E17061
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5m............" ..0..l.............. ........... ....................................`.....................................O....................v..H(..............8............................................ ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B.......................H........:..dN............................................................(....*:.(......}....*..0..........s.......}......}.....(......{....%-.&r...ps....z}......%-.&r...ps....z}.....|..................s....s....} .......!...s"...s#...}$.......%...s....s....}&...*2.{ ...o'...*2.{$...o(...*2.{....o)...*2.{....o*...*2.{....o+...*...0..!........{....o,...o-.....,...-..*.(....*F.{....o,...o/...*r.(0...-..{&...o'...+..(1...*.0..u........{....r%..p......%..(2....%...3....o3....,..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Networking.WebSocket.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):691272
                                                                                                                                                                                                                        Entropy (8bit):5.868262635454626
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ZaiXFAJj/vnJGY1C03eUzGoWLzfffFHzon2cY4Nf+1BGFwCfffwXdwdTcUsC0mJV:ZBiHuzZ1WNCHXyYSRXvbaoqDpsl2A
                                                                                                                                                                                                                        MD5:49721E1308FA4D9BCE1B7DF16F960F62
                                                                                                                                                                                                                        SHA1:C402553AED065892296ADA6800F1C851BC55D417
                                                                                                                                                                                                                        SHA-256:AA69B48EA53FBC7B0744CDF377D023F965721B8942924C234905F15BEE1C592B
                                                                                                                                                                                                                        SHA-512:16C6ED9FABDD6DE24117E779055072DD2DAD08C51DF19789AE98D356D5877106429E57540BEDD9E51E4E87BBF3DFBD0C4E8686BE8D305AEF8596B773607673E3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...bw............" ..0..Z...........x... ........... ..............................T.....`..................................w..O....................d..H(...........v..8............................................ ............... ..H............text....X... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B.................w......H............:...........V......Pv........................................(E...*:.(E.....}....*..0..L.......s........}G.....}H.....}I.....}J......}K......}L...~............sF...oE...&*.0..p........~G...}.....(H...}.....sI...}.....(I....-.r...psJ...z..}......}......}.......}.......%-.&~K...}.....~L...(....&*:..{....(....&*:..{....(....&*...0..........s.......}M.....}N....{..........(M....{....-.(H......I...(N....{....(O....{....(P...,Y~.....{....oZ...-G.(N...}.....{....oQ..../

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Networking.WebSocket.pdb

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:MSVC program database ver 7.00, 512*3191 bytes
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1633792
                                                                                                                                                                                                                        Entropy (8bit):4.072319085627301
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ZltaHbIN21HmQkwIe2TIn1XsXpo/l6TF97RnngalDAY0bwfNMDdwdAmGEmetyF+y:ZltaK/kI9/umtyF+8Z5mzeRsHnuUeRb
                                                                                                                                                                                                                        MD5:7CD57DC61FE797797B8DCDD340E335C8
                                                                                                                                                                                                                        SHA1:7048F355FD392AEBB55399E831D79B7A75357566
                                                                                                                                                                                                                        SHA-256:E59D34468AC7A4F1C727A9B50417FF8F800C5D2A75842FC5EFBC6B9A697C1701
                                                                                                                                                                                                                        SHA-512:3CAED09602C88D171A243810F763F9541A7B2B79525A16CA1C711F7AD8FCAF0D5817C9C91BEF0DB3A81C7B080EDBE213B75B5EA4142C106E4A0EBBE716D79A0F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:Microsoft C/C++ MSF 7.00...DS...........w....1......t...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Broker.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):168520
                                                                                                                                                                                                                        Entropy (8bit):5.563807804531201
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:OJAw7BXvaaIY8gNFyLV5ijNlovzBHSE9jbQVSZilurlRfcv9gK+5b3oTYUVoF8PI:FaYUSFcI
                                                                                                                                                                                                                        MD5:D7A3B1188522E6873F545E47CDB4AECD
                                                                                                                                                                                                                        SHA1:4BBFA3A8A63499046C74670F5D5681F3EBB9920E
                                                                                                                                                                                                                        SHA-256:841283606AED51626EC0377E5564FBF19488B0FF048268537A995CB643B1ECB0
                                                                                                                                                                                                                        SHA-512:2A1E4646DAD6FCCEDD302AD8B6939797CFAE2CA9BA76D5A22092B3DBCFCDE2AC28FEAC59DB0B3F85499BBC764DBE36992F3DC8C868054F5D1C772B152DF63B6B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............b.... ........... ...............................q....`.....................................O.......(............j..H(..............8............................................ ............... ..H............text...h.... ...................... ..`.rsrc...(...........................@..@.reloc...............h..............@..B................C.......H.......h...............t.......|.........................................(....*:.(......}....*..%-.&~....*..0..h.........~....-]~....,M~.......(.......(......(........(......(......(......(......(..........og......(4......*........V_.......0..1.........~....-&~....,.~.......(.......oh......(4......*............(.......0..w.........~....-l~....,\~.......(.....(......(......(......(........(......(......(......(......(......(......oi......(4......*.........en.......0..I.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.OperationalEvents.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.783970525722656
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:+GrhsWPBH7i8pJ0lIYiArevYaAM+o/8E9VF0Ny36UAA:+3Wp7i8pJ0SYiRvYaAMxkEsY
                                                                                                                                                                                                                        MD5:40AED33C69C25AF4926FCA6A7460DFF1
                                                                                                                                                                                                                        SHA1:52A95FEF35B1A43028CDB2904C1977E8160CEB79
                                                                                                                                                                                                                        SHA-256:E5EF2E08DABD47E7F0ED06B917D90B193BA52D3F69AF99E4B4BAB501B5EEE6A8
                                                                                                                                                                                                                        SHA-512:1A41C0257B7C56383722218CF59EA52B962C46B48D42B97166E5C50B60EBBAAFF4B068DA9667962B0E82757F028CAD1502FD30FBEFD076A26E4C9070F441575C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-E............" ..0..............5... ...@....... ..............................L.....`..................................5..O....@..x............ ..H(...`.......4..8............................................ ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................5......H........!.......................4........................................(....*:.(......}....*6.(.....(....*R(....,.(......o....*R(....,.(......o....*..0..d........,`(....,Y(....r...p..o....(......o....,!.(....r?..p.o....o....(....(.....(....rq..p......%...o....*.0..).......s.....s .......o!....o".......,..o#.....*....................0..#.......s......s$......o%.......,..o#.....*..................~....*.......*.~....*.......*..{....*"..}....*..{....*"..}....*V.(&.....(......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceHosting.WindowsServiceHostingApi.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26184
                                                                                                                                                                                                                        Entropy (8bit):6.57189630367246
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:o2BHdzesYIM3+Zoe0oKyLznRhJ5VIYiArevmlCAM+o/8E9VF0Ny7H:TC1Ne0qznRhJ5iYiRvICAMxkE1
                                                                                                                                                                                                                        MD5:F5A3A1ECB849CCD360C4C47F3B5B5C3D
                                                                                                                                                                                                                        SHA1:DF4BBDC834AB87216FFE43DF0063B1673E812527
                                                                                                                                                                                                                        SHA-256:5DD0DED4362E39F67EE27BCEEE5818D388CBC67205E08620B4BF6B495F72059B
                                                                                                                                                                                                                        SHA-512:10688A2AC822D07FBD689581D8DF5F792FF95A29233A844BD0B58999A7454340DE236D50532217CA9A9957239E4E633CBD2B58F17C35E976134162162FA42082
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z............" ..0..4...........R... ...`....... ...............................5....`..................................R..O....`...............>..H(..........|Q..8............................................ ............... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................R......H........$..t+...........O..p....P........................................(....*:.(......}....*..0...........(.....-'.~3...%-.&~2.....^...s....%.3...}....+...}.....-'.~4...%-.&~2....._...s....%.4...}....+...}.....-&.~5...%-.&~2.....`...s....%.5...}....*..}....*6.{.....o....*2.{....o....*2.{....o....*:.(......(/...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Services.ServiceLocator.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21576
                                                                                                                                                                                                                        Entropy (8bit):6.583380538882439
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:lET6OxCVDMhMYkmYjt/qVdiCdeJFfIYiArevUdQAM+o/8E9VF0NyFiFsAs:HfVDy+mY4diCdeJFgYiRvlAMxkEnb
                                                                                                                                                                                                                        MD5:9B94BFD7B3076BA034C9268730FD7746
                                                                                                                                                                                                                        SHA1:26597BBE99C06363C175AB1464F4BC4958D67CC9
                                                                                                                                                                                                                        SHA-256:A00AA702AC6F162A3FCF870E55AEE025F5ECA272340AB264EEC1D3197110FEEC
                                                                                                                                                                                                                        SHA-512:63A9F6A449D7E4090E148371A6B9085B8BE06B7BFEBB047D61C165D1C025BA468AD2F38C876D5502427A1499FE36F1A17F007D9BCAA7FABA14DEF8540E3B35B6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(.i..........." ..0.."...........A... ...`....... .............................._V....`.................................BA..O....`..x............,..H(..........T@..8............................................ ............... ..H............text....!... ...".................. ..`.rsrc...x....`.......$..............@..@.reloc...............*..............@..B................vA......H.......H%..............T=.......?........................................(....*:.(......}....*..0..G.......(......o...+..6......(.....(.....,......(....(.....s....z.............*............6.....0..'.......(.......o..........(.....(.....s....z.*..................0..;.......(.......o...+..).......(.....(..........(....(.....s....z.*............).....0..*.......(........o...........(......(.....s....z.*...................0..8.......(......o...+..'......(.....(.........(....(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Trust.Library.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):52296
                                                                                                                                                                                                                        Entropy (8bit):6.325168557871944
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:FEC5ANGvrBfwENlAuGkFD4Vyl/uXej7NAPx2:+iNFGkFD4Vyl/uujhAs
                                                                                                                                                                                                                        MD5:94BBE36FA2A97AD91BE970737C4ED247
                                                                                                                                                                                                                        SHA1:B2D000CBC0EE2A87322A625FD30CFC8D89476BFA
                                                                                                                                                                                                                        SHA-256:30DB7E46CA7ACCA035B7F0466370ADFDBC79CA81C8DCEEF770DF4416874AC21E
                                                                                                                                                                                                                        SHA-512:6717FE7A8E40253628CAD9CE41B912CB7AE76D654927246C1657C322C03B4931A5269D27A9689EB89A81C526731F7F99DD58CE6ABD18D259F6CBD2DE9D13CE4B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(............" ..0.................. ........... ....................................`.................................T...O.......<...............H(..........d...8............................................ ............... ..H............text........ ...................... ..`.rsrc...<...........................@..@.reloc..............................@..B........................H........D..Pr...........................................................(....*:.(......}....*...R...%.r...p.%.r...p.%.r...p.%.r/..p......*.0..........s....%.s....o.........s....*.0..........s....%.s....o........s....*..0..........s....%( ...o.........s....*..0..........s....%( ...o........s....*..(!...,.rE..pru..ps"...z..(......s#...*...0..X.........($...}u......}v......}w......}x......}z.......}y......}t.....|u.....(...+..|u...(&...*.0..O.........($...}~......}.......}....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasConfigClient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6656
                                                                                                                                                                                                                        Entropy (8bit):4.542553974622862
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:IQ3PmfJow87yyXR3Cx1ki+rbk/2NaFL/AwGPJ/:piowQNCrkp62cpAwGPJ/
                                                                                                                                                                                                                        MD5:DFB6C46732557B1042F2CE6BE9233BDC
                                                                                                                                                                                                                        SHA1:080C586B9E247611E0DD1DADBF386D4F126F787D
                                                                                                                                                                                                                        SHA-256:32415E3F57F89B949A25308F6F4B5F76867500C03AFF7CFC9FF358E780CD65F4
                                                                                                                                                                                                                        SHA-512:B39D4838416052B9F2B1816637B51D3ADA63EBBA0E3B89FAEC0048D8427A65B7A8BD694F356209F0D0BECC9B83162D0EB20D6050B9072DB8CC4DA2ED7C6AC63E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0T.b.........." ..0.............z/... ...@....... ....................................`.................................(/..O....@.......................`.......-............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................\/......H.......D!..,...................p-......................................B.(........}....*....0..%.........{....o......r...po.......(.....+..*....0..e..........o...+o....~....%-.&~..........s....%.....~....%-.&~..........s....%.....(...+.s....%.o........+..*..{....*"..}....*".(.....*.s.........*..o....*2.o....o....*BSJB............v4.0.30319......l.......#~..T.......#Strings....<.......#US.T.......#GUID...d.......#Blob...........W..........3....................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasEventHubClient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35328
                                                                                                                                                                                                                        Entropy (8bit):5.612078605535958
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:I1UbAU2sMvJEMhLXY9H18IzAMepHO9IbmaO4+fGLjZ0J4:I1Ul8vJThLo9HX2b84Hm
                                                                                                                                                                                                                        MD5:02AA34B05CB221B0AA2B9D5D7685D2F8
                                                                                                                                                                                                                        SHA1:3A35E7388EA7E079899B4AE493246AE380C9E6C8
                                                                                                                                                                                                                        SHA-256:0BB75C12C7803A96BDD9573BC286EE98690BF959F8758C863451BFE560D123EE
                                                                                                                                                                                                                        SHA-512:7A40E0CD19FC6AF6F17EEDCC8E25D3B171C7AFB6DEB7ED3CB36CF46595A9CAF1A8226C143E73733CC6F3F05D1352453F3F41A3D3431C2C8907245314C473C1BD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0T.b.........." ..0.............B.... ........... ...............................\....`....................................O.................................................................................... ............... ..H............text...H.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H........A..d[..................8.........................................{....*..{....*V.(......}......}....*...0..C........u........6.,0(.....{.....{....o....,.(.....{.....{....o....+..+..*. ..m )UU.Z(.....{....o....X )UU.Z(.....{....o....X*.0..b........r...p......%..{.......%q.........-.&.+.......o ....%..{.......%q.........-.&.+.......o ....(!...*..{....*..{....*..(........}......o"...o#...o$...}......o%...}....*....0............{.....o&.........o'....*...0............{.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.CasInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9216
                                                                                                                                                                                                                        Entropy (8bit):4.801244031243976
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:5ljSidtsy6MbHwFvAmBcBwrLBr1ejb/Z4JB:DSOq9sQoZKrLGjb/Z4JB
                                                                                                                                                                                                                        MD5:FE8AB4189D934FB392C8CB52A29981F9
                                                                                                                                                                                                                        SHA1:27CDC9FB2693C3CCD3081138534E8E90667D6E0C
                                                                                                                                                                                                                        SHA-256:09967D113E00ED5844683F56AA9AF9793BCFCBD273589C52B651117C6A1BEE17
                                                                                                                                                                                                                        SHA-512:4CFDBF7E26098B648BA6C05C92BE58AAE942E55F1E8C84C109840FE9C91D236F81EE3FED3595EF5253FD0721FD34F12F3B165499FE37B3048C1280103B3AF2BB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T.b.........." ..0..............8... ...@....... ..............................R{....`.................................t8..O....@.......................`......<7............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................8......H.......H!..t....................6........................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*".(.....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......\...#Blob...........W..........3....................3...%.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.WorkspaceAnalytics.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):118272
                                                                                                                                                                                                                        Entropy (8bit):5.689521458199326
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:9639QyVdvs2Fxrc0l2lYCe6n9O+8JFtcmtrelgn:S9HV5s2Fxc02lZacUr
                                                                                                                                                                                                                        MD5:4456213C748AB216AC35836816062F8B
                                                                                                                                                                                                                        SHA1:6520AA14C322F95DF5AF5766FD5FF88D37D683F1
                                                                                                                                                                                                                        SHA-256:6BB187CA19FC6D8300E023197219D80C66AAE992F1986F4F64F31ADD8949FF51
                                                                                                                                                                                                                        SHA-512:FF5BD91CC42209091144E252F2F71A969B8BB775367507A1722991C995522E6061FB78E750380EBE26B32B2055E8F6B1EE60EF5A0A5EB07E5F6C26882B10BF3A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... T.b.........." ..0.............6.... ........... .......................@......7.....`.....................................O............................ ....................................................... ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........|0..................,........................................0..O..............,E.(,....r...po3...(...+(..........(..........%...(....u..............z*..0..W.......s.......}......} ......}....~....%-.&~..........s....%.....(...+........s!...("....+..*..0..j.......s.......}!.....}#.....}$......}"...~....%-.&~..........s....%.....(...+........s#..........s$...(%....+..*...0..R.......s........}%....(...+..l('.....l('..........s$..........s(..........s(...()....+..*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.AspNet.CitrixCloud.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25672
                                                                                                                                                                                                                        Entropy (8bit):6.605034445140792
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:RWXBXaETcBwnz42/Dq7e8IcQV+BV5KIKfrJKHyYiRvMZaAMxkEi:RWX195R7Nxx2
                                                                                                                                                                                                                        MD5:9E262FAC2D942820EAFC4B8FF3EF624B
                                                                                                                                                                                                                        SHA1:A09C2082175248F0EAA37C37227A8F0DEA1211F2
                                                                                                                                                                                                                        SHA-256:17DCC379F4FAC642807BF0F61D2EE405BF9500B8831BFFFDC16056BF0219CD79
                                                                                                                                                                                                                        SHA-512:F2AB57E3DF2D5FA418110108F0ADA1B75987FC3A603B00D023F05EE4E59E394066EBD6A8EB53BBC401A9C629926449BF9914399396AA790AF43D74F874120B83
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;.g..........." ..0..2...........Q... ...`....... ..............................B.....`.................................vQ..O....`...............<..H(..........tP..8............................................ ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................Q......H........)...&...................O........................................(....*:.(......}....*6.s.....(....*6.s.....(....*..(......%-.&r...ps....z}......%-.&rE..ps....z}....*..(......%-.&r...ps....z}......%-.&r]..ps....z}....*..*...0..-.......~....r}..p.o.......(....,...(.....o....o ...r...po!...-.(...++%.o....o ...o#...o$.....>...%..,.o%.....~....%-.&~..........s&...%.....(...+...,....((...,!.,..r...p..B...()...&(*......p....((...-..r...p.o+...-!.,..r...p..B...()...&(*.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.AspNet.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22600
                                                                                                                                                                                                                        Entropy (8bit):6.611132321795593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:7ufbzhnrtZp529NOPpQVLBZaxFWJNhIYiArevi5AM+o/8E9VF0NyDbyU:7S5R4+QVlZaxFWJN2YiRvwAMxkEP
                                                                                                                                                                                                                        MD5:BC7BF996A12FFB084339159AA0CE784C
                                                                                                                                                                                                                        SHA1:817420855098826EDDB70393A36C851F1444AF16
                                                                                                                                                                                                                        SHA-256:17A22433AD72921DFE57DDEBB050778D87CA4EB7529A53A5703D0BED82AF790F
                                                                                                                                                                                                                        SHA-512:6700DFCD4D87607549D14A2F5270733E52997A6FAD022CCDA3F43E6F311C2AC95D537B0B2760089F67CED64E48EA0521EFBDEAA16BC175B81305C6CC5A1292BD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F............" ..0..&..........VD... ...`....... ..............................z.....`..................................D..O....`...............0..H(...........C..8............................................ ............... ..H............text...\$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................7D......H........%.......................B........................................(....*:.(......}....*..{....*"..}....*...}.....(......%-.&r...ps....z}....*....0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(....*.(....*V.....( ...s!........*^.("...s#...}.....($...*.~....o%...*..{......%-.&r...pr'..ps&...zo'...*..0..F........o(....+(.o).....{......%-.&r...pr'..ps&...zo'....o*...-....,..o+....*..........4;......2.{....o,...*....0...........{.......o-...*:

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.CitrixCloudCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):49224
                                                                                                                                                                                                                        Entropy (8bit):6.362948578477237
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:r8KsfcRmiJ4C//lxluy0ddSyyx3HTkwK6BjPV4WVf6WEJoJiUJJ6bYiRvRlAMxkf:lQcRmCnlxluy0dor3AWVyc67Nzxg
                                                                                                                                                                                                                        MD5:668B1CD45B240298EF62A7E549235C65
                                                                                                                                                                                                                        SHA1:28E28283FCC24402858D6CE05C3AA73C3194B74C
                                                                                                                                                                                                                        SHA-256:CB879AA6E9BAF5C3A8BCCD0B898C85C1608A23236332FFEC65F1AA51CB63766F
                                                                                                                                                                                                                        SHA-512:5A4E900DDF9DC93DBB82B22EECA5975D977AFDC08B6F597AE422AE8FBD0258143711BE329F497AE8E29D3D993F634C9A93BC30D0CB447939BC37492810F0A65E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$|c..........." ..0.................. ........... ....................................`.................................a...O.......................H(..........X...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........F...d...........................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o ...*.*.*. .U.. )UU.Z(.....{....o!...X )UU.Z(.....{....o"...X*...0..b........r...p......%..{.......%q.........-.&.+.......o#....%..{.......%q.........-.&.+.......o#....($...*..{%...*:.(......}%...*....0..)........u..........,.(.....{%....{%...o....*.*.*v .=.. )UU.Z(.....{%...o!...X*..0..:........rE.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):54856
                                                                                                                                                                                                                        Entropy (8bit):6.269511335719007
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:69alnxa2Y4RUTHTS4Z3Xdjr1ixsxhd6Mb7eFz/ZO7DOpJmpYiRvGIAMxkEN:IalO4RUXS4ZnCxvz/DG7NTxJ
                                                                                                                                                                                                                        MD5:5CBCC371CCAAA71FB6864CA6A3807C37
                                                                                                                                                                                                                        SHA1:67349B8D617BD3704FDFF524EA1047B826B61681
                                                                                                                                                                                                                        SHA-256:3F9617749B70623406B8EE7A47A6CC2886858F0B5DF85769E282541C91FBC319
                                                                                                                                                                                                                        SHA-512:703AA18A74435195F32655C8BF67C3C07F5FAC97A9236EFC25A981F05CFF74B151E9D7A83414C57D9C8F7440117111D90210DA26F87D408DE5328A768DE26D0F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....VR..........." ..0.............Z.... ........... ....................... .......n....`.....................................O.......h...............H(.......... ...8............................................ ............... ..H............text...`.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B................9.......H.......|_...^..........p...0.............................................{$...*..{%...*V.(&.....}$.....}%...*...0..A........u........4.,/('....{$....{$...o(...,.()....{%....{%...o*...*.*.*. F.f. )UU.Z('....{$...o+...X )UU.Z()....{%...o,...X*...0..b........r...p......%..{$......%q.........-.&.+.......o-....%..{%......%q.........-.&.+.......o-....(....*..{/...*..{0...*V.(&.....}/.....}0...*.0..A........u........4.,/('....{/....{/...o(...,.()....{0....{0...o*...*.*.*. ..]W )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19016
                                                                                                                                                                                                                        Entropy (8bit):6.707869470110094
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:iq4fUvlyFfJmB8TzJ7gIYiArevAdAM+o/8E9VF0NyZ5OW:iqrB8TzJ7pYiRvuAMxkE0W
                                                                                                                                                                                                                        MD5:DA5F5CC91379DA00A7E5B102FD6D23C6
                                                                                                                                                                                                                        SHA1:EF8AB8BA425AC1570AA55C7BAD58D3C14812B066
                                                                                                                                                                                                                        SHA-256:D95A7899A381D0BF887F4EAE412B7DC5590833E87ED3892FACB276122DECAF19
                                                                                                                                                                                                                        SHA-512:7272B58998428F0FB992521AAB0762FB3AD39A1E94B8C7CF6852E110886AE17BB7A1FEC4FA9A70ECD038EBC337B2B6DC9D21E5D5293501E5B686DE73584BD1AA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w............." ..0............."7... ...@....... ..............................A.....`..................................6..O....@..............."..H(...`.......5..8............................................ ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................7......H.......h ......................\5........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob...........W..........3........!...........$..................."................................._.........f.......................*.4.....4.....4.....4.....4.......................4.....4...........4.....4...h."...............a...........3.....q.F...7.F.........T.F...........A.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Models.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.738944150774985
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ZsQLxuNtRtyZPJBTIYiArevoCbAM+o/8E9VF0Ny58Y:6U0PtyZPJBcYiRvLbAMxkEAY
                                                                                                                                                                                                                        MD5:8EFBE7AFA76BFB08ED1DBA339F2997EE
                                                                                                                                                                                                                        SHA1:2C353D78FEA351F0EE196C4351C91DD9C144A2EC
                                                                                                                                                                                                                        SHA-256:5110D6ADA044AB0692E6192726EA572EC1554595F423CFE21CDCA42B37061BF4
                                                                                                                                                                                                                        SHA-512:9367DA4B851665B9E3EF9CDB920496302CB1E9BF1A18CF58061F58F23273AEDDE31377E413637CE6A279E945DD75CE52A460C886C54DA03DBB2EB40A9CD6207B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............" ..0..............2... ...@....... ..............................[=....`.................................m2..O....@..t...............H(...`......|1..8............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................2......H.......d!.......................0........................................(....*:.(......}....*...r...p(......}......}.......}....*..{....*.r...p*..{....*..{....*...r!..p(......}......}.......}.......}....*..{....*.r)..p*..{....*..{....*..{....*.r1..ps..........%.rE..p.%.rO..p.%.r_..p.s.........*n..rq..p(......}......}....*..{....*.r}..p*..{....*BSJB............v4.0.30319......l...H...#~..........#Strings............#US.T.......#GUID...d...4...#Blob...........W..........3....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Authentication.Profiles.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46664
                                                                                                                                                                                                                        Entropy (8bit):6.319650178080353
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:QDSCtoEQ7jyt8OJeelFfUXKzjdx4DDCQ2y7HXICDRhtfiHG+BX09lJlRYiRv3AMc:QD9oEejyYYuKziNwGVl7N3xS
                                                                                                                                                                                                                        MD5:51BB9394E9A5E9B4B2BE1EAA2E93F231
                                                                                                                                                                                                                        SHA1:2C83B1DB7ADD9B828CDF3BC37A9B50A7A4F6D08E
                                                                                                                                                                                                                        SHA-256:8DDF765762FB0897C183E8B91F25FF77137878DC2E491EBC0ADF6DAE1C6856B0
                                                                                                                                                                                                                        SHA-512:F76A0D1D60C986595F7105FD207176577B0CE85D2368E152BD88B4990FA8B2B44095EA4DD330D95E97D560D266535E52479D88C487AFDA4B0C93A1D0ED1DEE2C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../.(..........." ..0.................. ........... ....................................`....................................O.......................H(.............8............................................ ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........E...[..................l.........................................(....*^.(.......S...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..[........(....s....}.....(.....{....r...pr...p.sr...o....&(....( ...,..{....r...pr...p.sr...o....&*2.{....o!...*6..~....o"...*..{....~M...%-.&~L.........s#...%.M...(...+(...+*n.(&...-...(....*r;..ps'...z..0..[........{....o!...(...+o(....+...().....{.......o*...,..o+.....(,...-...........o+.....{....o-...*.........+A......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.CasDispatcher.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27720
                                                                                                                                                                                                                        Entropy (8bit):6.5691877478747145
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:LOvEllllllllllllllvtwFpItnJ1/YiRvOAMxkEojNi:yglz7N8xEi
                                                                                                                                                                                                                        MD5:CBA0DEFCCDB368E999531D6BE4F88655
                                                                                                                                                                                                                        SHA1:930A663626F0C065433A72881BB913D049739DE7
                                                                                                                                                                                                                        SHA-256:2C19BE0F0658C4BA102D2D3F99D0CB6DC21F96EE14344FC338F94A3C2A363E37
                                                                                                                                                                                                                        SHA-512:2D0D0BD7798F71B868D8678670BFBB80CE7145A9D658196F925778CE605B4935E5C7835FF25585536EB166CE6237F9F4115B9E0B6331C9F1875425CA363E36FA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..:...........Y... ...`....... ..............................Me....`.................................;Y..O....`..x............D..H(..........\X..8............................................ ............... ..H............text....9... ...:.................. ..`.rsrc...x....`.......<..............@..@.reloc...............B..............@..B................oY......H........+..4,...................W........................................(....*^.(.......5...%...}....*:.(......}....*:.(......}....*:.(......}....*.~....*..(....(....-..(....(....-..(....(.......*.*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0...........r...p}.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cdf.Net.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):47176
                                                                                                                                                                                                                        Entropy (8bit):6.038720260113635
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Ieg0EotREcM4AmGZdUbmGC62XO3+C1dJhJf9ZnnhXDHgpkbPkUpcnxLVJTNYiRv+:JlGZdUbZuCXZTW77Nax3x
                                                                                                                                                                                                                        MD5:9D065F048CB112788F9B86246A19337D
                                                                                                                                                                                                                        SHA1:19377674B7CCD76DB7AEE6F4EE7FEDC790D16155
                                                                                                                                                                                                                        SHA-256:22CBBD6AD5DCF737D649C64C1513B7391FC6C75036B43D554E2331F31169CBDC
                                                                                                                                                                                                                        SHA-512:63B9A6A06CF3674CDD68030E1FC6F84631F19A1CC7A1D9FDBECB2DB351D8F01DD02875D3612418BDB3C4D3540BE20CF23CB153DBF3AAB5A21AC9B08637F80E10
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=e..........." ..0.............&.... ........... ..............................Z.....`....................................O.......0...............H(..............8............................................ ............... ..H............text...,.... ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B........................H........B...`..................x.........................................(....*:.(......}....*..{....,..{....n.j_,..{..........*.*..0...........(....:.....................s=...}........}x......}w....{....~............|....(......,2r...p..(....r;..p...........o....(....( ....s!...z...*...0..Y.........{g......j3.s"...z..}.........}.....{....,+..(.... ....Zn(......(....}......(....}.....*6.{.....(....*..0..X....... .............Z.ZX...9...%.,...i-....+....9..........|N....}G...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.AclStore.Rest.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):194120
                                                                                                                                                                                                                        Entropy (8bit):6.18176294436587
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:mDUWsjwYId2aN1T8XVa42JqQguKCfkRMhY:JjZIdbNt8XVOkuK8kaY
                                                                                                                                                                                                                        MD5:721A2033C8C29E8CFF307B552A8FF265
                                                                                                                                                                                                                        SHA1:57B9F2F7AA566596B6A7B69ACB598E12C1C8B1F6
                                                                                                                                                                                                                        SHA-256:29F948EA5EEA4BE8FBAC484AFB14AD96A8E8FBA4C3D177BA42319900CC8E21CB
                                                                                                                                                                                                                        SHA-512:74E743A7BEC1402600555B796C410FAA626A4F2AC3684CF93DE8567EA0EC035FB847766139BCDFD0FE8493E740E7D1979B42F3E945834654981B0896BE9F79C2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............z.... ........... .......................@............`.................................&...O.......|...............H(... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...|...........................@..@.reloc....... ......................@..B................Z.......H.......$s..tn............................................................(....*:.(......}....*..(....*..0...........(.....-.r...ps ...z.(!...("...(.....(!...("...(......oP...(Q.....oX...(Y.....oZ...([.....oR...(S.....oT...(U.....oV...(W.....j(.....r)..p.(T....(P....(.....g...(#...(....*..{....*"..}....*..{....*"..}....*2.s$...(%...*2.s$...(...+*J.(^....s'...(....*..{....*"..}....*.0...........(R...((...-IrA..p.. ...%..(T...o)....%..(P...o)....%..(V.........%..(R...o)....(*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Grpc.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):167496
                                                                                                                                                                                                                        Entropy (8bit):6.037779519535388
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:greonA9sTS4a/lc6QwBpODQYTn6G3xdsiy6hu:grPnA9sTS4QOygDoMxLHu
                                                                                                                                                                                                                        MD5:0B180A15CE3684EF9C10E8DBB3841D15
                                                                                                                                                                                                                        SHA1:EE08D3F6B099F89F9B503884B377721B9EA946F9
                                                                                                                                                                                                                        SHA-256:159E155671CC38BB2F2A405D700C66F7CAE914199D8D43CFB81337F77A462597
                                                                                                                                                                                                                        SHA-512:744FBD1253C60A919B9AFB8C9A54FAA281D6AB61AFB97F8B1B7DEB37BA6DF3E926002719F8151564F74B7AFDED50EF9A81F41EB58D0EE515A43509D9008E1A90
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i............" ..0..\..........>{... ........... ....................................`..................................z..O....................f..H(...........y..8............................................ ............... ..H............text...D[... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B................ {......H...........D...................Ty........................................(....*^.(.......A...%...}....*:.(......}....*:.(......}....*.~....*....0.............B...%.r...p.%.r{..p.%.r...p.%.ro..p.%.r...p.%.rc..p.%.r...p.%.rW..p.%.r...p.%..rK..p.%..r...p.%..r?..p.%..r...p.%..r3..p.%..r...p.%..r'..p.%..r...p.%..r...p.%..r...p.%..r...p.%..r...p.%..r...p.%..r}..p.%..r...p.%..rq..p.(....(..........%.(.....%.(.....%.(.......G...%......( ....%......( .......I...%......( ...(......B..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.ServiceRegistry.Rest.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):184904
                                                                                                                                                                                                                        Entropy (8bit):6.204772624689667
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:OR8DPG0LtfY3im2u/+MZp92+MZp97/ue5FjFh/:On3im85n/
                                                                                                                                                                                                                        MD5:0A6255E47D15CAD061E0854ECE86CB1E
                                                                                                                                                                                                                        SHA1:E430AB42AF0F0938BEFFF4C075B42086FAC09F3B
                                                                                                                                                                                                                        SHA-256:F45645572DCEA6B29D231BE6BDE587733ED45FE14C4A48AB148EEABC933963F8
                                                                                                                                                                                                                        SHA-512:28CE1274F08A5F7B080C157502E088D697DCCB25A2570345E4A26C93CD285780DB623961E1C2E4A8D5319BAA1C58764A027CED9A97D7DFE1B4E55D5C291DF154
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ..............................3~....`.....................................O.......................H(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..H\..................(.........................................(....*:.(......}....*....(9...........s....s ...}....*~..(:...........s....s ...}....*.s!...*2.{....o"...*.0..8.......sy...%.}....%.}....%.}......z...s#...(...+o%......(&...*.0..O.........('...}.......}.......}.......}.......}.......}......|......(...+..|....()...*..0..G.......s{...%.}....%.}....%.}....%.}....%..}......|...s*...(...+o+......(,...*..0..a.........(-...}.......}.......}.......}.......}....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Cloud.VirtualSiteRegistry.Rest.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):127560
                                                                                                                                                                                                                        Entropy (8bit):6.326467465089946
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:tmG9Er+pQ3TAw7epE+bNYDXf5mjwVhQvB/bnNXjOXlIT6Mvt2LSUCw6IWhjNcRl8:+ITJULS/hjNcJsWTlfvnDCpz0VhA
                                                                                                                                                                                                                        MD5:0FA35FB541FDC8C5F0A5F62B8DD641AB
                                                                                                                                                                                                                        SHA1:130F4BD6DBE506528A0BF2B7F7C3B4EA9B10AA38
                                                                                                                                                                                                                        SHA-256:59CCCAC133B3AC2E3B67A16E31C59ACAB4EC3525DED7D056D606A42783AED18D
                                                                                                                                                                                                                        SHA-512:15D95D8FDB290F22CF6418902FE2EFAFA7E396CB244C889E46E324D1AC2E936C61031BC46F3B48286AA4C41E2B812723316C9D039224DEC90555AA3BFD519436
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z............" ..0.................. ........... ....................... ............`.....................................O.......................H(..............8............................................ ............... ..H............text... .... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............#..................$.........................................(....*^.(.......K...%...}....*:.(......}....*:.(......}....*:.(......}....*....(3...........s....s....}....*~..(4...........s....s....}....*.s ...*2.{....o!...*...0..8.......s....%.}....%.}....%.}..........s"...(...+o$......(%...*.0..O.........(&...}.......}.......}.......}.......}.......}......|......(...+..|....((...*..0..1.......s....%.}....%.}..........s)...(...+o*......(+...*....0..G.........(,...}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Common.Headers.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23112
                                                                                                                                                                                                                        Entropy (8bit):6.488949370691656
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:vP8NmEL4pKbn0vF7W9Dpo8JY8w0Xcz+hEqJceIYiArev5FRZAM+o/8E9VF0Nyrzz:v8pmvF7W9Du8U+hEqJczYiRv5FRZAMx5
                                                                                                                                                                                                                        MD5:CA55B5E1DFD83BC1CFAD82EC79BEE127
                                                                                                                                                                                                                        SHA1:221363BDE408447938E64EC808F408B41DDE1D1A
                                                                                                                                                                                                                        SHA-256:1035262E75CABF3F47CFB38EDF49AF323C88C7DA7D3415C49B0722B925211754
                                                                                                                                                                                                                        SHA-512:B388F164F44C6A30E3E64873A43B14E80CC53B4C63034235ABB11CAC4A8190378740AEE0A528FF892B128A4BE2C71D83D09140B9B6B146349F41CCDE8B2F7103
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..(...........G... ...`....... ...................................`.................................GG..O....`...............2..H(..........`F..8............................................ ............... ..H............text....'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B................{G......H........!..0$...................E........................................(....*:.(......}....*..0..<........r...p..o....,.......(...+*.r'..p..o....-.~....*......(...+*.0..S................rQ..p..o....,...(.....+0.rm..p..o....,...(.....+..r...p..o....,...(......*..0..b................rQ..p..o....,...(....(.....+:.rm..p..o....,...(....(.....+..r...p..o....,...(....(......*...0..#.............(...+..,....(....,....(.....*.BSJB............v4.0.30319......l...|...#~......D...#Str

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.654255523545091
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:r4mOy86EKqZoZaz8tFNxMAHtgmPRrS9viEJieJ6wtIYiArev3DAM+o/8E9VF0Nyz:r4mOYPT/hWiEJieJ6w6YiRv3DAMxkEV
                                                                                                                                                                                                                        MD5:CB50D2D2E96BF90AA7184E38164EB909
                                                                                                                                                                                                                        SHA1:A984D06936B31071FC86E9E23F0C7667992797D9
                                                                                                                                                                                                                        SHA-256:E6612CAEDA0342A5D510C098E3BAE965E5309A4253129C17CD82A72BC57BF501
                                                                                                                                                                                                                        SHA-512:ACF0E4439F6BB716AFEAA19CC2BFB31B9BC947378999FE5E5BC207C374ACC23854153A1E3DE80F909BDD25201B1DB22D27F7AA6AB5BC4A526A780D215CBD7B23
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....@..........." ..0..$..........jB... ...`....... ....................................`..................................B..O....`..h...............H(..........$A..8............................................ ............... ..H............text...p"... ...$.................. ..`.rsrc...h....`.......&..............@..@.reloc...............,..............@..B................LB......H.......H'..\....................@........................................(....*:.(......}....*..(....*"..(....*.0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(....*.s....%s....o ...%s!...o ........r...ps"........r...ps"........*&...(#...*"..($...*&...(%...*.0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(....*.s....%s....o ...%s!...o ........*&...(&...*.s.........*..('...*..0..$.......s.......}....~...........s(...(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22600
                                                                                                                                                                                                                        Entropy (8bit):6.6432301090948735
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:TEtAgP7Yl7FpmTkNprFeSNatxXmLmiwUfoEJAtIYiArevi2AM+o/8E9VF0NypDr:TGGmAgTNUfoEJA6YiRvJAMxkErr
                                                                                                                                                                                                                        MD5:477F3D656D433C5789FF83DEF3ABBA1E
                                                                                                                                                                                                                        SHA1:ED347682C8A956688825D0DAEA20F0F05E3F32E9
                                                                                                                                                                                                                        SHA-256:56AC791CA110ABEA5F189B8F92B8EB2C0936CD1ADA073DB2F5518018F618DBE6
                                                                                                                                                                                                                        SHA-512:A458DF13BE83BC6DA4F5865EB192A252FECB4C9A2781BD9CF2528ADE45BEA56C67F638F5834683DB69E47C6A57E3F0D9991D6F129B0222B1B0539AE4F62FD0E3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M..........." ..0..&...........D... ...`....... ....................................`..................................D..O....`..\............0..H(...........C..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc...\....`.......(..............@..@.reloc..............................@..B.................D......H........'......................(C........................................(....*:.(......}....*..0..<.......s........o....}......{....o...........s....(.....(....o....*.0..=.......s........o....}......{.....o...........s....(.....(....o....*....0..G.........( ...}.......}.......}.......}.......}......|......(...+..|....("...*..(#...*..($.....%-.&r...ps%...z}......%-.&r...ps%...z}......(....*...jU.*R.{.....{......o&...*...0...........{....o'...,t.{....o'...o(....+!.o).....('..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Compression.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.859765106666663
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:8t7nyd+GgNyJVWIYiArevfNAM+o/8E9VF0NylLG:8t7nFGgNyJVLYiRvlAMxkE7G
                                                                                                                                                                                                                        MD5:A58DD18630EBF6BF4838A48B3899E5F7
                                                                                                                                                                                                                        SHA1:1602F4A218FADC46C73116F2CB81BF3AF47728D7
                                                                                                                                                                                                                        SHA-256:0B840890D42757111BD584CEA1136CBCA9AA9C206B549198C06B9F71BE27B63C
                                                                                                                                                                                                                        SHA-512:79B2934E3072AD316B05C4EF54C3210740ADCE36D49F8D42FF5A1BD31FC383BF046C7C2949F207C82A2928C619E924C25B591ED2F4EEE4CF7A7D2AA6B4662654
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............-... ...@....... ..............................L.....`.................................S-..O....@..................H(...`......`,..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......h ..x....................+........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~..X...,...#Strings............#US.........#GUID...........#Blob...........W..........3......................................................................u...f.u..... .....................M.........................V...7.....0.....M.......u.........s...........h.u...z.........................................................V...Q...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Exporter.Cas.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24136
                                                                                                                                                                                                                        Entropy (8bit):6.624552640809122
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:WLqp0YOGoyQsOex23LvoZr2WdJO4IYiArev5AM+o/8E9VF0NyIg/:WLqyYo97sr2WdJOhYiRv5AMxkER/
                                                                                                                                                                                                                        MD5:599C759840731A21FAFDE0F4E245F584
                                                                                                                                                                                                                        SHA1:9C0B0AD09CE19EBD9031F76F43E844C3E553D455
                                                                                                                                                                                                                        SHA-256:D9C23AE0897753486EDC182A0FC62C9A660FEA00B63308D60521B4482603BED4
                                                                                                                                                                                                                        SHA-512:12DE866BDBD384C233B38DBB47C939A9F6148A07CEA89778F9353FED7F505E4C43655DFF6D046496379797C5724D4B722C259E693A9CE1A73328E461A1407AEC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..,..........&K... ...`....... ....................................`..................................J..O....`...............6..H(...........I..8............................................ ............... ..H............text...,+... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B.................K......H........(..` ..................TI........................................(....*^.(.......-...%...}....*:.(......}....*:.(......}....*:.(......}....*..{....*"..}....*..{....*"..}....*..0..w........(.....s....%.......s....o....%.......s....o....%.......s....o....%.......s....o....%.......s....o ...}.....{....(!...*..("...*..0..A........(....-..*.(#...%-.&.+$~....%-.&~......!...s$...%.....(...+,..*.*....0..W........(....-..*..(&......('...(....,5.((...%-.&.+$~....%-.&~......"..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Exporter.NewRelic.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.673022199433114
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:DhEtJY/z/n8Ib5BAcaYNC1auuDcVSQJKbIYiArevse3dAM+o/8E9VF0NyFcr:DGta7/L5iUC114cVSQJKkYiRv93dAMx+
                                                                                                                                                                                                                        MD5:3A6E269F66BD01268AD1F23553C05BBE
                                                                                                                                                                                                                        SHA1:B6836B22BFD82ADD9FF0BC5BA603D32C1B59B45A
                                                                                                                                                                                                                        SHA-256:882B0268A55CC0EA17FD3028286421B55BF4694477ED6F108C1EAF82CFAC4F3A
                                                                                                                                                                                                                        SHA-512:B449F55034C9D6AC8ED7D07251C73312817A616A6196127A5B3F5EBFE2BB0E6E6715652630DA3EA23801A6FD237B2CFBB8F8C8706D40B7BCB0FE294393A1A205
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..$...........B... ...`....... ....................................`.................................hB..O....`..4...............H(..........`A..8............................................ ............... ..H............text...."... ...$.................. ..`.rsrc...4....`.......&..............@..@.reloc...............,..............@..B.................B......H........$.. ....................@........................................(....*^.(......./...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..........(....(.....o.....o.....o......o....(......(....&s......o....,..r...p.o....s....o ....o!...,..r1..p.o!...s....o ....o"....1...(#...&.*....0..e...............($......rS..p.o%....2...(&.....rk..p.o'...(&.....r...p((...(&..........(#...&.....,..o).....*...........KY........{....*..{....*.0..........s.......}.....(*....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Http.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20040
                                                                                                                                                                                                                        Entropy (8bit):6.70260678475608
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Hsylfn6aa0P1Naz0k1J89IYiArevXxAM+o/8E9VF0NyI2:HsydM0P1oz0k1J8qYiRvBAMxkE3
                                                                                                                                                                                                                        MD5:ED68E0C991A0EF1B5EF21ECF788E67E2
                                                                                                                                                                                                                        SHA1:FA2C160CDCC9609D9A89E12CA71B041A6818271C
                                                                                                                                                                                                                        SHA-256:CF0F789C2D693A0F4787C2C3BF5DE84FB7802DEF645A7FA425EF30330FC56DF7
                                                                                                                                                                                                                        SHA-512:B1F657FD7B7D70842833908E3C8CF1AD7FF020EEC175B8D565BE78BF6BBCC6F89EE7011258AE98268C48CBE2E7C5B041B8863CB12A5B036C7240D9D91F0C6909
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....G..........." ..0..............;... ...@....... ..............................%.....`..................................:..O....@..H............&..H(...`.......9..8............................................ ............... ..H............text...4.... ...................... ..`.rsrc...H....@......................@..@.reloc.......`.......$..............@..B.................;......H........#......................H9........................................(....*^.(.......$...%...}....*:.(......}....*:.(......}....*:.(......}....*2.(....(....*...0..G........-..*.r...p.(....o.....r+..p.o....o.....o....(....-..rC..p.o....o.....*2.(....(....*.0..G........-..*.r...p.(....o.....r+..p.o....o.....o....(....-..rC..p.o....o.....*..0...........,..(....-.(...+*.o....(....-L......%.r...p.(....s.........%.r+..p.o....s.........%.rC..p.o....s.........*......%.r...p.(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Tc.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23112
                                                                                                                                                                                                                        Entropy (8bit):6.620992659103798
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:1+8QtyXycbFzeCoYpiZhnQxpb/JDRIYiArevmvkAM+o/8E9VF0Ny5vY7N:1StyXycxC4pirQxpb/JDGYiRvmvkAMxq
                                                                                                                                                                                                                        MD5:9C4368C045C63F9E5716384F5A8FCEEA
                                                                                                                                                                                                                        SHA1:22EB0E5691A8B8B813EBF1E881C949EEBBDA9E3A
                                                                                                                                                                                                                        SHA-256:BB9CF1434572A1B8E39B1C7BB532007FD0914F77F37122513998BAEF5AE89357
                                                                                                                                                                                                                        SHA-512:FECC53D314B4775E4C6799D676D770939298E74F50B63D30F7B8AB04B66799CE3B24616DDC888A6878A52A3397341B4D37624644EBC212BCC6329C495E907F0F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...53\..........." ..0..(..........fF... ...`....... ....................................`..................................F..O....`..8............2..H(...........E..8............................................ ............... ..H............text...l&... ...(.................. ..`.rsrc...8....`.......*..............@..@.reloc...............0..............@..B................GF......H........(.......................D........................................(....*^.(.......*...%...}....*:.(......}....*:.(......}....*:.(......}....*F.,...(....(.....*J.,...(.....(.....*...0...........-.~....*.u(.......(.....(....*..0..'........-.~....*..w.o....X(.......(.....(....*..0..#........-.~....* ....(........(.....(....*..0..$........-.~....*. ....(........(.....(....*.0...........o.....1..r...po....&.r...po.....=o.....o.......( ...o....&.r...po....r...po.....=o.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24648
                                                                                                                                                                                                                        Entropy (8bit):6.545012406141968
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:1BfCJBNDRY0P+OtYHlmJlhHJpHYiRv8JAMxkE9:7ClX7NmxB
                                                                                                                                                                                                                        MD5:20D8B0D4D5624CC8FF32FB1D2214CBD2
                                                                                                                                                                                                                        SHA1:E731DF55FAE77123822079C2147E26A088E3111C
                                                                                                                                                                                                                        SHA-256:9D4BD1F882FEB72A13185694D6805875FCC35DABCEA6E53C65645528A2C0759A
                                                                                                                                                                                                                        SHA-512:773E4D1E915B9734FB671E8D206E9282782EA2B6FA9E69B28573AF91D0844BE246CF52C5A5C92EAD8CE1BB9D83F2A31EFEF3280315CD303BE179E605F89B8F32
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y............" ..0..............L... ...`....... ....................................`..................................K..O....`..x............8..H(...........J..8............................................ ............... ..H............text....,... ...................... ..`.rsrc...x....`.......0..............@..@.reloc...............6..............@..B.................K......H.......8&...#..................(J........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*v.(......%-.&r...ps....z}....*...0...........-.*(....s......o.....o....(......o....o.....+7.o.......o....s....%.o....%.o ...o....%.o!...o....o"....o#...-....,..o$.....o%....s....o&...*......-.Cp.......0.............Po'...r...pr/..po(..........Po'...ry..pr...po(...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.Wcf.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31304
                                                                                                                                                                                                                        Entropy (8bit):6.472500166876117
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Iw5Du8CC8bYA+D9YfntYjJamCJ+aYiRvSAMxkEEF:dFJwd7NwxA
                                                                                                                                                                                                                        MD5:8B2C4296C32CBDBB6A2F083271800175
                                                                                                                                                                                                                        SHA1:CAAE081E50232CA561B8CACCCD034006323A6ACA
                                                                                                                                                                                                                        SHA-256:DF52989F9AAE116004896709ADAF8AFAC3B63A79C71E39EDC081674D401A6780
                                                                                                                                                                                                                        SHA-512:FB857267351B9A0FD6EB605B91EEBDE617454C87A23E7C37C44E7C7A0B8A3F8DD8EF94FC3E9A9A10EAA922905DF4BF8C305371B9D4C6CA5DDED5A6FF4617B026
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I............." ..0..H...........f... ........... ...................................`.................................ef..O.......`............R..H(..........Te..8............................................ ............... ..H............text....F... ...H.................. ..`.rsrc...`............J..............@..@.reloc...............P..............@..B.................f......H.......80...4...................d........................................(....*^.(.......D...%...}....*:.(......}....*:.(......}....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*.0...........o....o...+..,..{....*.(.......o....(......o....,?.o....uG...,..o....o...+%-.&.s....(.....+..u........,....(......-..(......9.....(....9.....r...pr...po ...&.o!...%-.&.+.o"...%-.&.+.(#........($...,Z.r-..p..o%...o ...&..o&...-..rI..p..o'....J...o ...&.re..p..o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.Instrumentation.WebSocket.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22600
                                                                                                                                                                                                                        Entropy (8bit):6.714648299838686
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:BW0nrukDGiPz1WhaV9UX0+xYJZfIYiArevRpAM+o/8E9VF0Ny5n:BWYOgTUX0+xYJZgYiRvnAMxkEr
                                                                                                                                                                                                                        MD5:16D844431016875992DFA41BAE2BAB9D
                                                                                                                                                                                                                        SHA1:D3B39DB7D5EACD3A2703EC6F3B66372B01E8F587
                                                                                                                                                                                                                        SHA-256:E930DB0AB589F549617BF0A750C1F7C11B6CDAF0B5FF8578069AFEBC7BD3F1F7
                                                                                                                                                                                                                        SHA-512:62EC9E4638B908675731C83CCC4833CED83F3D4AD8ABC807E81F19FD44279D50E5C216E8341729E84662586A6F23F301A3F895A3A12EE0BE6F15D12D708E8926
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... y............" ..0..&...........E... ...`....... ..............................g.....`..................................E..O....`..t............0..H(...........D..8............................................ ............... ..H............text....&... ...&.................. ..`.rsrc...t....`.......(..............@..@.reloc..............................@..B.................E......H........&.......................D........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*....0..h..........%- &~....%-.&~..........s....%.......s..............o.............o.............o.............o.....*..r...po....&.r...po....&.r/..po....&*..r...p.o....o ....o!...,..r...p.o!...o ....r/..p.("...o ...*..0..I........o#...o$...t......rY..p.o%...o&...r{..p.o'...o&...r...p.o(...o)...o&...&*....0.. ...........o*...&.,

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):69192
                                                                                                                                                                                                                        Entropy (8bit):6.264733602895141
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:cpzUlctlFuJbvsrc7rvBwzqKeJ48+jUEcmBbUypbQSvSTRJ307Ngxx:cNUEy57LurYElwypbQSvSTRJ30h8
                                                                                                                                                                                                                        MD5:A2C8CA22B2E02CA78C1EA9EDC2FEB3AF
                                                                                                                                                                                                                        SHA1:6670DE0969B24A95EDA2D6BE22265356E4E2045B
                                                                                                                                                                                                                        SHA-256:EEDA7BB49EB75253F75B4CDDF57CED2AE979F565D1CB51C6BD0F5D6B61A40EC9
                                                                                                                                                                                                                        SHA-512:E2CAFCC5D5F5930EE95D88A917A23A4713196F647CE4C7649A86F3FC0B08071E99FFFFAD7470466607BA12EA4B1572AFB6E7B47795E83EF65D3DF6D3AC263020
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@....... ....`.................................U...O.......................H(... ......l...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........Q..............................................................(M...*..(....*^.(.......[...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*.0...........,z.u\.....-y.u]...,...]....+m.u....,........+l.u......-s.u....,.........+k.u....,.........+d.u....,.........+].u........-\+kr...p..+o...+j..(....(......+Z........o......+I.(......+?..(......+4..(......+)..(......+....(....o......+..(....(........*.0..?.........(......,...3...+...(.....s ....+...(!.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):37960
                                                                                                                                                                                                                        Entropy (8bit):6.09808293631293
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:J3he2WPC+hmYnq+dCVeYsBjpKk7J89YiRvnnAMxkE//:J3U2FtOnc7NHxz
                                                                                                                                                                                                                        MD5:633ABDEDBBA47C5260310CAA5A01EFF4
                                                                                                                                                                                                                        SHA1:4DC7B568CB2A4333D083A4055A2B5B3F6E9D1FFA
                                                                                                                                                                                                                        SHA-256:79ED4AB4CE38C8000C281A9BF576104D35EBC64F1283393CC9D10E921AC82A4E
                                                                                                                                                                                                                        SHA-512:DA25D0E51F2556BD21FD077A3BE925FE352F4727437B9BE4073DF419AE46FC728D5FF308FD51DB4A3F52CE3A341E8B412AB597770E5A96EF595B1174479CBDEA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<o............" ..0..b..........>.... ........... ...............................G....`.....................................O.......\............l..H(..............8............................................ ............... ..H............text...D`... ...b.................. ..`.rsrc...\............d..............@..@.reloc...............j..............@..B........................H........2...=..........8p..H....~........................................(....*:.(......}....*..0..A........,$..r...p...o.....o....(....(...+(.....u......,...o ...*..(&...*..(!...*2.rM..p("...*..(#...*"..($...*6.~%....(&...*&...(&...*&...('...*....o....s(...s)...%r...pr...po*...%r...p.o*...s+...*..{....*..s,...}.....(....(-....,..{.....o....*....0...........o....s/.....{....,~.{....o0....+W..(1....r+..p..o2...,"r-..p.o2...(...+(4.....r1..p(5.....r7..po6...&...o7...(5...o6...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Exceptions.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.7452277550699336
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:zoV2utd/PJn6IYiArevcIAM+o/8E9VF0NyyA83:zoV/td/PJnHYiRv9AMxkEnO
                                                                                                                                                                                                                        MD5:E559481E52860DCC577A7CD5B8F08EA2
                                                                                                                                                                                                                        SHA1:1A086AECA80D780C484A3CE2CC2C8780A87EB8B7
                                                                                                                                                                                                                        SHA-256:4CEA89D89F0EE1B7DDA90E20C3B61A8B34C1379C7E3E313064187DB622D4B86F
                                                                                                                                                                                                                        SHA-512:42F450123AA7116F7A2F45680AE1C09361C0E58A04733BF9B747D7022172E3D9FB8A8B8D3C11A6CF17733876FB49792BFED204A2E2E5ACA2CFA81F47E99A1C7C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I]6..........." ..0..............-... ...@....... ...................................`..................................-..O....@..t...............H(...`.......,..8............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................-......H.......h ......................8,........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~..`...X...#Strings............#US.........#GUID...........#Blob...........W..........3..................................................................q.......d.....................X...........'.................B.....;.....X........... .....~...........Y...........9.....t.....+.=.........8...........................G...Q.............Q.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Client.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.653053515563853
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Adquf9tJEJ4B2Nd3swGvUaPEJXhIYiArevXRqAM+o/8E9VF0NyxTGB:qquK6esxvUaPEJX2YiRvXwAMxkE2
                                                                                                                                                                                                                        MD5:CD3973489748BDAD684CB7F70D9F17CD
                                                                                                                                                                                                                        SHA1:2EA9471C00C86BAFE75C6AFC0283275486F57355
                                                                                                                                                                                                                        SHA-256:26917551F3A0B1F173DDA5C1092B5193947CEE3E572E8E2449DCB8016FBEE7CB
                                                                                                                                                                                                                        SHA-512:BD84A6E35789749BE272519A12944954390A128B317E9E78D0DB17A0C4D64F6698BCC2684239149002221222C5E3ED091154F17F4F19151D4A238D04F8A8657E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........B... ...`....... ...............................D....`..................................B..O....`..l...............H(...........A..8............................................ ............... ..H............text...."... ...$.................. ..`.rsrc...l....`.......&..............@..@.reloc...............,..............@..B.................B......H.......`%......................,A........................................(....*^.(.......1...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..I.......s.....(.......s....%.(.....o....o.....o....o ...s!...%.o"...%.o#...($...*....0..........s.......}...........s%...(&.........{....o'...r...po(...,..{....o'...r...po)...u:.....{....o'...r5..po(...,..{....o'...r5..po)...u:.....(*...-;.(....s+....(,......{....o....o-....{....o....o......s/...*.(*...-@.s0...(....s+....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Grpc.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):143944
                                                                                                                                                                                                                        Entropy (8bit):6.054928394796519
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:L0bv6otSBN6eSpiPeWX++yeoEzzSXjw0GefQr7DUBT9SOSCiIbrVVVxtsaVWMw75:LYSN6eNeWXFHoEzzBHeorkTMeVxtbwh3
                                                                                                                                                                                                                        MD5:346707D4707D88620D9C3C1108232620
                                                                                                                                                                                                                        SHA1:3E1D6A7252F2D137364894674565CA6075B77EB8
                                                                                                                                                                                                                        SHA-256:9C398B2C4E3A6938D8476232704AEAEAD986E8B6442C112303ADC900514FFBC6
                                                                                                                                                                                                                        SHA-512:14953DD9015F607A4CDCB211AE3C8613225FC3076D0172B02D5A05C4D247CB0865DA4B45F5E626D565488901D28CB3B1B52DB4C979B71BFE6B4048647C580599
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....F..........." ..0.................. ... ....... .......................`.......$....`................................./...O.... ..8...............H(...@......X...8............................................ ............... ..H............text........ ...................... ..`.rsrc...8.... ......................@..@.reloc.......@......................@..B................c.......H.......<....J............................................................(....*:.(......}....*.~....*...0...........w.9...%.r...p.%.r{..p.%.r...p.%.ro..p.%.r...p.%.rc..p.%.r...p.%.rW..p.%.r...p.%..rK..p.%..r...p.%..r?..p.%..r...p.%..r3..p.%..r...p.%..r'..p.%..r...p.%..r...p.%..r...p.%..r...p.%..r...p.%..r...p.%..r}..p.%..r...p.%..rq..p.%..r...p.%..re..p.%..r...p.%..rY..p.%..r...p.%..rM..p.%..r...p.%. rA..p.%.!r...p.%."r5..p.%.#r...p.%.$r)..p.%.%r...p.%.&r...p.%.'r...p.%.(r..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.779922779909052
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:7w4HYKv7R8pJ0LIYiArevUAM+o/8E9VF0NyEDaD:7R7R8pJ00YiRvUAMxkE7D
                                                                                                                                                                                                                        MD5:20008BB383F158A04003B3B3F4B40685
                                                                                                                                                                                                                        SHA1:7DEA3FF3836B514704F4E1E2B1F09516A9A202AC
                                                                                                                                                                                                                        SHA-256:29E53660B9AC2C49E98BEB8C2CD7EF4E508B595134945B8B86A2A826E92DC204
                                                                                                                                                                                                                        SHA-512:0EB4D10E9768A875145DC5A18EFC339BD75A445C90D044EA5FD6E4AE82B7B1403A367BBAFE6258F60F8197C266BA12E56C283374738A5738766A9EB4A9E9AD38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1............" ..0.............f,... ...@....... ..............................^.....`..................................,..O....@..h...............H(...`......$+..8............................................ ............... ..H............text...l.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B................E,......H.......h ..<....................*........................................(....*:.(......}....*.BSJB............v4.0.30319......l...|...#~......|...#Strings....d.......#US.h.......#GUID...x.......#Blob...........W..........3......................................................u...............=...........C...........i.....$.................r.2.....................$.................J.......[...?.....Q.....i.....Z.....................-.R.Q.............Q...................&.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Hostname.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.761255780532869
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:CeU3RA8esMJEYIYiArevgAM+o/8E9VF0NygZm36:CeUy8esMJEBYiRvgAMxkEmgK
                                                                                                                                                                                                                        MD5:2B7B76E4B8C5FE44C4A2471AB394A951
                                                                                                                                                                                                                        SHA1:D8258FD961631D07A99BD34DB8DAA2664EF3601F
                                                                                                                                                                                                                        SHA-256:AD30A9100844361688BBC532F9CFCEE7E67087F32E79B4A56C87AE6F38C401B5
                                                                                                                                                                                                                        SHA-512:EC70D7EEC77A748202141E90F5CD7714C34B6F66E5C2E878F03346D4D0BF24CA16F2ABF3F446F3EFEE6E771EE33379654F9BF982E94CE7648A556828912075D8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............0... ...@....... ..............................9.....`..................................0..O....@..,...............H(...`......./..8............................................ ............... ..H............text........ ...................... ..`.rsrc...,....@......................@..@.reloc.......`......................@..B.................0......H.......T!......................@/........................................(....*:.(......}....*..(.....(....,.....(....(....o....+.r...p(....}....*..{....*..0...............(....,......(....*(....(....,M~....r...po......-..+..r]..p.( ...,..s!.............(......'...,..o"......&...s!.............(....*.*......3..a........#.Jm......BSJB............v4.0.30319......l.......#~..(.......#Strings....<...|...#US.........#GUID.......$...#Blob...........W..........3........"...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Logging.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23624
                                                                                                                                                                                                                        Entropy (8bit):6.60214193493402
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:KExvCnGTxyXXICYmWqgE1NOIeW+pHGH+6/qJnUIYiArevxAM+o/8E9VF0NymVg:lEGbCBLeWimH+6/qJnlYiRvxAMxkEQg
                                                                                                                                                                                                                        MD5:90CD371D884A8AE505373032CC8ECF34
                                                                                                                                                                                                                        SHA1:86EF9C241BF978F3070E35A19D924374F0B1D633
                                                                                                                                                                                                                        SHA-256:66B556B3AB113C97C5D141E56C022D5FDDB3C651F1B7D949B72842F5957020B9
                                                                                                                                                                                                                        SHA-512:92BCB955E4D0B29AE2D0ADD9FE4677ACEA2F67EC8467B8C40549A38BD6CE797E5108E0DC46219D3BCF081ED138FC166394C231E3D9D94DCAF6913A31CC902618
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....0..........." ..0..*...........I... ...`....... ..............................`.....`..................................H..O....`..P............4..H(...........G..8............................................ ............... ..H............text...4)... ...*.................. ..`.rsrc...P....`.......,..............@..@.reloc...............2..............@..B.................I......H.......|)......................pG........................................(....*:.(......}....*..0..V........(......%-.&r...ps....z}......{....o....r...p..o....-.s....%r=..po......+..u....}....*z..(......%-.&rY..ps....z}....*....0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(!...*&...("...*.s.........*..(#...*...($...rg..prm..p..(%...(&...rq..p('...*...($...rg..prm..p..(%...(&...rq..p('...*..0...........{......{.......C[....~(...}......{....o)...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Posh.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31304
                                                                                                                                                                                                                        Entropy (8bit):6.5109833694272625
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:OnBLlYTNRrcXG7wLCeKx8Xx/OxK/4qpciklWjUAjFkYQ8lJ12uhRHijJ61IYiAr9:LR4PLCyGzO1HRHijJ6CYiRvvBAMxkEYf
                                                                                                                                                                                                                        MD5:DAF75D0DA5BE388E4A7767C5027702CC
                                                                                                                                                                                                                        SHA1:5AB9D1602F26BA20034CA4A537061E5F656D72B5
                                                                                                                                                                                                                        SHA-256:3DBBC523AEF36CD8C1A791BC1CF57B5A85DD3CD3646653A7424455FC06407BEA
                                                                                                                                                                                                                        SHA-512:233BEF95DF371BB9C87F067F885B0C0A2EA53C4772EC63E0C6B389521AA991FAD219BFE2CD6C4CC18ABD748390AC9FB5CA43C86C065EACE990E3604A08129137
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:b..........." ..0..H...........f... ........... ..............................#.....`.................................]f..O.......,............R..H(...........e..8............................................ ............... ..H............text....F... ...H.................. ..`.rsrc...,............J..............@..@.reloc...............P..............@..B.................f......H......../..H5...................e........................................(....*:.(......}....*..0..U........(....o....r...po....,$.(....o....r...po............(....+..-..-....( ...*.*...( ...*..(!...*"..(....*&...(....*..r...p}.....(......}......}....*..{....*"..}....*...0.............(....o....r...p..o"...,..uF....+n.(......~....%-.&~......C...s#...%.....(...+-:.~....%-.&~......D...s#...%.....(...+..(&...-..+..(...+.+.r3..p..*.0..F........(.....s(.......F...%.rC..p.s....o).

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.799796174347686
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:jK1KkL8bjZO+K/DH57JHhiIYiArevA/KAM+o/8E9VF0NyXpc+S:NBjZLK/DH57JHhvYiRvACAMxkEDNS
                                                                                                                                                                                                                        MD5:745A582CC3A2CA528159905CF2B1F005
                                                                                                                                                                                                                        SHA1:E77F54B9F1B19ECE2021232E83A4865EC1B83E08
                                                                                                                                                                                                                        SHA-256:7323C28D14DB59C89D0851BC88DD95DB8944D2C303451C0AD8EBD6A464E6FAB9
                                                                                                                                                                                                                        SHA-512:F5084E488C1B47440DA18EA47AB9DD989F6DF52F3681854CB3C3BECDE8522373553124373F82DC4A331102C31EB41A3F36CEC213651277B91C108E5469150383
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$..........." ..0.................. ...@....... ..............................|?....`.....................................O....@..................H(...`.......-..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H........ ..@....................-........................................(....*:.(......}....*.~....o....*.~......(.....j2...(....~....(....+.~....s....o....*..(....*.#.......@#......F@(....j.....s.........*BSJB............v4.0.30319......l...<...#~......(...#Strings............#US.........#GUID.......\...#Blob...........W..........3..............................................................................X...\.X.....&.....................C...................x.....9...-.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.RateLimiting.Wcf.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20040
                                                                                                                                                                                                                        Entropy (8bit):6.6884755758150405
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:nV5KVHDapS3MT2wjpngiK/eAEJYXIYiArevkAM+o/8E9VF0Ny+r:nV5s+GsjppK/eAEJYYYiRvkAMxkEy
                                                                                                                                                                                                                        MD5:7343A9DDFB3D365BE0B743D87A390811
                                                                                                                                                                                                                        SHA1:22BDE84E7DBE1ECF48405EC0BBD6470D1DF0529B
                                                                                                                                                                                                                        SHA-256:C1B7FB64E3414C2B8C8E3029C0891E43FC7168FA8B9A97824BCC615DA28BE992
                                                                                                                                                                                                                        SHA-512:8E0D67920CE864B8B6C5457A83329D70AC007C008563A6993A19C502489D7739082713DE295D85C501A95B56D0B151703E7C264B10E53DAE47BD6910351B686F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~............" ..0.............2:... ...@....... ...............................]....`..................................9..O....@...............&..H(...`.......9..8............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......d".......................8........................................(....*:.(......}....*..0..C........o....(......o....,).t....o....r...po......(....,..s....(......&..*.........??.......0..c.......s......o....r...p(.......(....-. ....j+...( ......(!...("...o#... ....js....(.....o....(.....o$...*..*".P(....*..(%...*..*".P(....*..(%...*.*F.o&...s....o'...*.*.*..(%...*.s.........*.*....0...........-.r!..ps(...z.o)...o*....+`.o+...t5...o,...o-....+4.o....%o/...o0...o&...s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46152
                                                                                                                                                                                                                        Entropy (8bit):6.4503488026962525
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:j1opuq624vk3341WNBXScpr9UupEJxJYiRvviAMxkEVP:j1oIq9UkY1CQ+Sh7N4xBP
                                                                                                                                                                                                                        MD5:0EDE3AECCDF4D9D6C8C6E3BF16B6F803
                                                                                                                                                                                                                        SHA1:D647124E6580431A179FC4E5ACF58A628EE13A5A
                                                                                                                                                                                                                        SHA-256:0AEFA661D8CC6D57D8D1B2225C8016DA6D6326AE1D4864DDB35D0B1097B60E18
                                                                                                                                                                                                                        SHA-512:880E8E9BC6B6223CECDE0AE180B9F8336DB9E97E99C44E07D04496C5A33BA8FF9AC1B899921D63C886781DB6CA7625D1E9B9DD500DB88A248F842DFEA8B7276A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j=)..........." ..0.............2.... ........... ..............................*}....`....................................O.......\...............H(..............8............................................ ............... ..H............text...8.... ...................... ..`.rsrc...\...........................@..@.reloc..............................@..B........................H........;...c............................................................(!...*^.(!......Z...%...}....*:.(!.....}....*:.(!.....}....*:.(!.....}....*....0..Q........(".....%-.&r...ps#...z(.....%-.&.(....s........o$...o%...}.....{.....(....(....*....0..}........(".....%-.&r...ps#...z(....(.....o&...u\.......s'...%.o(....(....(........s)...}.....{.....(....(.....{.....(....o*...o+...*..{....*"..}....*6.(.....o,...*2.{....(...+*:..o.....(....*.s/...(...+*.0..D........,@...{....-

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Rest.Client.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23624
                                                                                                                                                                                                                        Entropy (8bit):6.578899627394358
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:AOBSxNX7vEsFlwKStxGRsyJE7IYiArevFAM+o/8E9VF0NyQRiB:AwszwBGRsyJEEYiRvFAMxkE1
                                                                                                                                                                                                                        MD5:951E99DD377C2C912D05865FFEF2000A
                                                                                                                                                                                                                        SHA1:D070457C48DBFBCBCF26637570C484767910E746
                                                                                                                                                                                                                        SHA-256:0F9EAE8A28B5DAF0F3C842D7F5B5B3BEF701099C0E860E783DF8022BADF7844A
                                                                                                                                                                                                                        SHA-512:41A5F2FBF8E62DB3F4665B260E39C24F26E7C437374F0B2E774EE139D6282742D02451177B22796DDC4BCE9C2240C3A54F68546EE0387C3B345865BBA27F7946
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!:............" ..0..*...........H... ...`....... ....................................`................................._H..O....`...............4..H(..........tG..8............................................ ............... ..H............text....(... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................H......H.......d#...#...................F........................................(....*:.(......}....*..0..o........(....}.....#......Y@(....}.....#.......?(....}.....#.......@(....}..... ....}.....(.....s....}.....~....(....*..{....*"..}....*..{....*"..}....*J.(....%-.&.*o'...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*..{....*f..}.....{.....{....( ...*..{....*..{......&..}.....{.....(....,..{.....{....( ...*..{....*"..}....*..{....*"..}....*..{....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Retry.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26184
                                                                                                                                                                                                                        Entropy (8bit):6.559026631283477
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:sA3FppLmgHKyBMei+qofs4JE2YiRvjAMxkEo:sA1ppLmXyBFNzX7NDx8
                                                                                                                                                                                                                        MD5:13A455F409997AFF925F72756DA5630F
                                                                                                                                                                                                                        SHA1:10640F0262BFEEB195ADA074EBE8A5507BAEF32C
                                                                                                                                                                                                                        SHA-256:63C58BF9393DDADA966A680E01134980C0FEA8C654EAD760D1E6EF0A51E108C7
                                                                                                                                                                                                                        SHA-512:AA38C2F07CFAAD77B02F04A021A04460CD15FEBBCB335383FA2AB7F3F3D39239322EC6EA1A9D088F2B8E2517711030FC16EF737E1ABD58198A5B85911271BB44
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..4...........R... ...`....... ...............................V....`..................................R..O....`..D............>..H(...........Q..8............................................ ............... ..H............text....2... ...4.................. ..`.rsrc...D....`.......6..............@..@.reloc...............<..............@..B.................R......H........*..4'..................8Q........................................(!...*:.(!.....}....*. (#..r...ps"........ )#..r'..ps"........ *#..ra..ps"........*....0..+.........}..... ....}..... ....}.....(#.....%-.&r...ps$...z}.....{....o%...r...p..o&...,+..u.............('...-..{....+...((...}.....{....o%...r...p..o&...,+..u.............('...-..{....+...((...}.....{....o%...r...p..o&...,+..u.............('...-..{....+...((...}.....{....o%...r...p..o&...,...u....}....*z..(.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Signer.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):49736
                                                                                                                                                                                                                        Entropy (8bit):6.273246821193536
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Jkr8FizJxsm4hTqyM+V6ZC2JZZDVRpz4bh7eCO2pShDWsEN12Tj89GxuEF2InJgT:Jkr8ysmI5lVmbaa2pkun7uh7N3+xz
                                                                                                                                                                                                                        MD5:AC3EB52832996FD8C60363460FF90C99
                                                                                                                                                                                                                        SHA1:DD03333BE320BEFAA72FD9AF58A557F6F01E54C9
                                                                                                                                                                                                                        SHA-256:EC210A6AA0133279721F050385E58FF81972ABF29A52CD85CC4F285AF04CEA29
                                                                                                                                                                                                                        SHA-512:DC6EF58744CA6AFA318B22815ABB1ED6FC982A2719C034076724E4921C6AE762053C9904132C3972C80BD075AAEB2B5FC5C2292F5B70C3033198E628EFD66683
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ..............................Z@....`.....................................O.......D...............H(.............8............................................ ............... ..H............text........ ...................... ..`.rsrc...D...........................@..@.reloc..............................@..B.......................H.......lG...e..................L.........................................(....*:.(......}....*v.(......%-.&r...ps....z}....*....0..G.........(....} ......}"......}!......}#......}......| .....(...+..| ...(....*&...(....*....0..G.........( ...}(......})......}*......}+......}'.....|(.....(...+..|(...("...*..0..B........o#...($.....r...po%.....(&...,.r)..p*('...r...p..r...po%...((...*...0..........s)...%.o*...o+...%.o,...(-...&....&(....(/...,:.o*...r...pr...po0....r...pr...p

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Tenancy.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.85177743364442
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:pCLUxLsAe8GoXE4JcvIYiArevyAM+o/8E9VF0NyukOw+:pCLUKWGoXE4JcQYiRvyAMxkEKw+
                                                                                                                                                                                                                        MD5:4B69390366353BAAFCB5D870D98FF03B
                                                                                                                                                                                                                        SHA1:0B3DA38C431721CC7FD087489AF1C16F9A5458FF
                                                                                                                                                                                                                        SHA-256:A3B1466695C757516151A187560BA65377D14F997AA14782C476252275BB573B
                                                                                                                                                                                                                        SHA-512:9F2D9F43721C34758E7FB7E64AFD4B440EC8073AE7B61543DC1F68B2DECA7735416216B18C5F871273E7D77B4C4C4108649C5F7C0F02D3ED546741F7376EE8FD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0............../... ...@....... ...................................`.................................{/..O....@..D...............H(...`..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...D....@......................@..@.reloc.......`......................@..B................./......H........ ..$.............................................................(....*:.(......}....*v.(......%-.&r...ps....z}....*....0..T........-.r...ps....z.{....o.....+ .o......o.......o....,..(...+....o....-....,..o......*.*........,F......BSJB............v4.0.30319......l...8...#~......,...#Strings........$...#US.........#GUID....... ...#Blob...........W..........3........".....................................................!.........f...........@.....3.....h.M.....M.....M.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Tenancy.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.795433411235724
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:BWLKRAREvigxeJZAIYiArevHxJeAM+o/8E9VF0Ny3W:BnAcigxeJZJYiRvHaAMxkEM
                                                                                                                                                                                                                        MD5:D36C61FADDAB6480D4A57EDD9FC1EDA1
                                                                                                                                                                                                                        SHA1:1046E7E64E64FD5CF97C68F7A20A0DE9FDEBCECB
                                                                                                                                                                                                                        SHA-256:B41A807ECCC4D8AC63948B9CFAF8C0DDC3A893158B74E2A9C3DD15349B1CDC77
                                                                                                                                                                                                                        SHA-512:307627E3948EE0735F38FB7CCA2593C7AC427F4BAD24B74D7568528C9BCDCE831D791C8F881107C257127D7A817F6DDF32B15E9F024F77EC8CF80EE7825782A2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............v,... ...@....... ..............................r.....`.................................#,..O....@..h...............H(...`......8+..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B................W,......H.......h ..P....................*........................................(....*:.(......}....*.BSJB............v4.0.30319......l...x...#~..........#Strings....|.......#US.........#GUID...........#Blob...........W..........3..............................................................&...S.&.........W.................:...................F.........$...........:.......&.........`.......q...U.&...g.....}.....p....... .............C.f.Q...........&.Q...................&.....P ..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.AssemblyResolver.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20552
                                                                                                                                                                                                                        Entropy (8bit):6.667489560107046
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:SzvR3JuBw+ZsElzh2Vka3DWJLftIYiArevjcHAM+o/8E9VF0NynX:eIwGlLqka3DWJLyYiRvjcHAMxkEx
                                                                                                                                                                                                                        MD5:B4FB4C4B348D4E0DF8BFF4FFF8886AE1
                                                                                                                                                                                                                        SHA1:7B0AD08BB995968BD504EECA407E582B2C96EFA1
                                                                                                                                                                                                                        SHA-256:FC2E6A213C4C87B628706F77D91E7A92C4D0EFC7348039BC07FA1E41213F8163
                                                                                                                                                                                                                        SHA-512:67C48215EE3A47A138C685AA62C869C39A882BC37C45CEBC852E1C3CBBD28747E5613668986141F7EB9E6501790B5F1CFAB7CA5D39DCABD4A02EE74035918FC7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3s..........." ..0..............<... ...@....... ..............................Q.....`..................................;..O....@...............(..H(...`.......:..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................;......H.......|$......................D:........................................(....*:.(......}....*..0..?............(....o....o....(......(....,..(....(...........s....o....*..(....*..0...........(....,.*..r...p(.......(...%.r...p.%.r7..p.%.rY..p.%.rm..p...(....-..G.......+*.........(........(....,.....(....`....X......i2..,.(......&..*..................0..........s.......o....s ...}.....{....o!.....(....,..*.(....o"..........s#...(...+...(%...,[(....o&....+:.o'....{....~....%-.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utilities.EnumCache.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.749016244766599
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:XKuwlxifhd7xcpJU8IYiArevldAM+o/8E9VF0NyZMvg:aL2d7xcpJUtYiRvldAMxkET
                                                                                                                                                                                                                        MD5:F4EB32EBC5CCE9551E70B11C5EECBCB8
                                                                                                                                                                                                                        SHA1:CFA37A142A0720A351AE9C6ABB108E7E91A8A3F8
                                                                                                                                                                                                                        SHA-256:0E56236CE10102E909E92842B21FEF54B3FD66A0219101B15554C7BB9AB2DFD2
                                                                                                                                                                                                                        SHA-512:616CCDDC27973515CC1C7E34FDD33D14C441BD6355CCA442496F2365D097AD5B3CC184C86F906EC9D149B71B32095C6D22A0E89613F7A95616A6D4DB3F6FE885
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............2... ...@....... ..............................{R....`.................................b2..O....@..................H(...`......x1..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H........!..$....................0........................................(....*:.(......}....*N.{......{....o....*..0..1........s....}....s.......}.....(............s....}....*.s.........r...ps.........r...ps.........r...ps.........*J.{.....~....o....*..(....*J.s....}.....(....*Z~..........s.........*F~.....~....o....*..(....*.s.........~..........s ........*..(....*6..{....o!...*.s.........*..(....*2.r...po!...*.s"........*..(....*N..r...p......o!...*...BSJB............v4.0

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Collections.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34888
                                                                                                                                                                                                                        Entropy (8bit):6.4875370078420485
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:/y2N1fUiEC8r9bxpjpAX7J/OYiRvhYAMxkEc:/u423qo7NhGxQ
                                                                                                                                                                                                                        MD5:2FA64CD081B0B2164E0DDB2A0D4C6993
                                                                                                                                                                                                                        SHA1:9DC915F0C524D8543C76DF09E73B7A5BA355CB94
                                                                                                                                                                                                                        SHA-256:A0D5E5C2C95CD8132E1D9D42DD59FA142602597C6F27C75BEF948F5D458ABE2E
                                                                                                                                                                                                                        SHA-512:200148301415FEA9F04BDAA7966C48EFE930A9E2620F3E3D515BC81AAB927666FFDB9A10D1487443712DA1CDB6E2C4FA52D9729479B1F66B8BFE81C311A5C297
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P............." ..0..V..........*u... ........... ..............................1.....`..................................t..O.......\............`..H(...........s..8............................................ ............... ..H............text...0U... ...V.................. ..`.rsrc...\............X..............@..@.reloc...............^..............@..B.................u......H........7...;..................ls........................................(#...*:.(#.....}....*...s$...}%....(&.....%-.&r...ps'...z}(....s)...}*...*...s$...}%....(&.....%-.&r...ps'...z}+....s)...}*...*...s$...}%....(&.....%-.&r...ps'...z}(.....s,...}*...*..0..X.........(-...}.......}/......}0......}1......}2.......}3......}4.....|......(...+..|....(6...*.0..?.........(7...}8......}9......}:......};.....|8.....(...+..|8...(=...*..0..4........-..-..*.,..-..*..i..i...*..+.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.DateTime.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25672
                                                                                                                                                                                                                        Entropy (8bit):6.5553327377666495
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:TVwKZHkZmfOYJlXjVz+TrqJzoYiRvrAMxkEeIW:ptzW7NLxil
                                                                                                                                                                                                                        MD5:115FFB74A791F1A38E25AC953553A8A9
                                                                                                                                                                                                                        SHA1:2B0CAAD4839D31D25FCB9D8B724DCA09B2928939
                                                                                                                                                                                                                        SHA-256:5F27EF91034522D3977D9D9D4185175684A0F8BA56D5E22050DDF2197B5968AD
                                                                                                                                                                                                                        SHA-512:81FFE0A8E9851444092F7D7C39809D249AE8581A7A3BC9493FAB4495DEBFAC703907D9E08F423F9C2617088D14A49B736A5B2F582CEF924FD6AE036D424CC697
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...GC............" ..0..2...........P... ...`....... ....................................`..................................P..O....`...............<..H(...........O..8............................................ ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H.......d*...$..................(O........................................(....*..(....*:.(......}....*..(....*.~....o....*.(....*.(....**....(....*n~......1...s....s.........*..s....}.....s....}.....(..... .........%.s....(....*..s....}.....s....}.....(......(....*..{....*...{....(....,.r...p......r...ps ...z..(......(......}....*....0...........(.......(!...*..0..G.......sN.....-.rW..ps"...z.-.rq..ps"...z../.....r...pr...ps#...z..}.....{....o$.........(%....{....-a....(....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Dynamic.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19528
                                                                                                                                                                                                                        Entropy (8bit):6.756045177379101
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:uHTtDLyUtykk3erDfhFUHnJPlIYiArevFeeAM+o/8E9VF0NyEc2f:kCAzfhFUHnJPSYiRvFLAMxkE+D
                                                                                                                                                                                                                        MD5:9710094F47BA63F487FC817E54A4CB64
                                                                                                                                                                                                                        SHA1:97B50F65865C7F244A2B3A25E167D78DA81DCE19
                                                                                                                                                                                                                        SHA-256:FF2D3F75142EF32B452A4392C4AB9BCE1D21490C9260007034969499E51A2520
                                                                                                                                                                                                                        SHA-512:67A817E8AFD1F57FCCB9961A8ACD1002A19D87DB869EF51EEAA7DB6D79000A860BF8228BCB0653ABE3CFFE20C7732C3703DD18E4F15FF8D198C2C96C44EBE33B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n............" ..0..............8... ...@....... ..............................(.....`.................................U8..O....@...............$..H(...`......|7..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................8......H.......8$.......................6........................................(....*:.(......}....*..0..{.......s.....~....-$..#...(.........(....(....(.........~....{....~....~....-;.r...p......(......(...%..!.(.....%...(.....(....(.........~....{....~.....+...(.....o....o ...o!....8....~....-%.......(.........(....(....("........~....{#...~.....o$...o%......o&...~....-:.r...p......(......(...%...(.....%...(.....(....('........~....{(...~......o)...o*....o+...:K......u......,..o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Events.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.831474838615447
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:WawvUjoT94JlNSIYiArevnAM+o/8E9VF0NyBN3oRF:W9OoT94JlNYiRvnAMxkEyRF
                                                                                                                                                                                                                        MD5:66D384BD7C7ACFD88FD0E1EF2D99EA28
                                                                                                                                                                                                                        SHA1:B027F6C78C86E21CF3B06D6171C50C55AC122809
                                                                                                                                                                                                                        SHA-256:29D5EEE4EAD674F9171D296FD3120B8CF131826B432A13388B9B672F0957EE4E
                                                                                                                                                                                                                        SHA-512:9F12799B9DB44A224B8AA806246D9D7EF30DBB3545E4072C10BE0DA551DF24887F52C68A84860303512B8ECEDAA22E4447ECD703D8285EC0D6C348AE392584C1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&.<..........." ..0.............2-... ...@....... ..............................*.....`..................................,..O....@..t...............H(...`.......,..8............................................ ............... ..H............text...8.... ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................-......H........ .......................+........................................(....*:.(......}....*..0.............,....o....*..BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob...........W..........3..........................................................................$.....$...V.$.........U.................=.................x.D.........'..... .....=.......$.........c.......t...E.$...j...........`...........d...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Minimatch.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):30792
                                                                                                                                                                                                                        Entropy (8bit):6.471916768919288
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:2/lRneuT/KupjVQLlGQKLbYKM/rKtJiwYiRvoMkAMxkEvo:2NReuDpRQLl0IKXH7Nfixro
                                                                                                                                                                                                                        MD5:DFE5D1B3C7019D19EA86511F86463003
                                                                                                                                                                                                                        SHA1:8BD52BA33810DC024543CD0A9EB106EFC80B756B
                                                                                                                                                                                                                        SHA-256:3E428175E1CE26F544023DDB8FA2EC82CABFA02A255AB10B1B5298FE84487843
                                                                                                                                                                                                                        SHA-512:E6B5C42D9220B05F814286740284D84A26E6B2966F469BAFC56EFAD912C26DA17AF54D1272565121FFDA3E993EC244C55FC9777EBA9BBCF675B5380EF1208462
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!............" ..0..F..........Jd... ........... ....................................`..................................c..O....................P..H(...........c..8............................................ ............... ..H............text...PD... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................)d......H........6...+...................b........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*2.(....-..*.*..{....*"..}....*..(....*"..(....*..(....*.0..E........-.r...ps....z.(....,.~(...%-.&.......s....%.(...*..s!....."...s....*....0..Q........-.r...ps....z.-.r...ps....z.,..o....-...o.....#3..*.(....,..(..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Networking.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.78187571102069
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:GbT+UkfU+EEJcuIYiArevEBdJAM+o/8E9VF0NyAEj:GbT+vU+EEJcjYiRvofAMxkEN
                                                                                                                                                                                                                        MD5:9D6348C0DE734707F74390861E027CE8
                                                                                                                                                                                                                        SHA1:C783D4C2EAAC82FE34F81E518114123F95CFEF67
                                                                                                                                                                                                                        SHA-256:5F1579AC039CEBA36B112E200BF32EC490F35D28723E929C84B9B1F626C5B513
                                                                                                                                                                                                                        SHA-512:C1948A3183B798AE5CB61C7C040F1DCC3FB0DC696096FC8D19D34E74D3C72D84DDBAEE578FA3AE06C6D4AB47574F62B7327281E8FC43C26CCEF303BDA21846BD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(H............" ..0..............0... ...@....... ...............................M....`.................................30..O....@..................H(...`......L/..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................g0......H.......`!..l.............................................................(....*:.(......}....*..0..<...........+..........+..........o....,..*...X......i2...X....i2..*.0..8...........~.....s......o.....o....t....o.......&...,..(......*........%)..........(,.......0..).......s.......}....(....o...........s....(...+*..( ...*>.o.....{......*...BSJB............v4.0.30319......l...|...#~..........#Strings............#US.........#GUID.......t...#Blob...........W..........3........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Objectpool.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):29768
                                                                                                                                                                                                                        Entropy (8bit):6.529281297839161
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:HDAapymnLPMwOxcFjXl4ChkT424id0vUZTEJ7XYiRvhAMxkEa:HDA8nLPMwOH2P97Npxu
                                                                                                                                                                                                                        MD5:C296D285BEF53949D8D74A387ADA8702
                                                                                                                                                                                                                        SHA1:6EBFF5EF23AD4AAE54BEB743F6B664B5F657EE16
                                                                                                                                                                                                                        SHA-256:75389E2E44B7AB07755318D7E7FDE9C5CD6A4109ECC5FAFB3835A7962B96D8B8
                                                                                                                                                                                                                        SHA-512:C8E1E149DB1A20CAE25EBA7A18B54A82381D00722247615AC88B6CE45531899FF03E6E96CD3AFF89BD50835673F2F38812ED39B3F7343CC468DAC6182D7D6603
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@............." ..0..B..........Za... ........... ....................................`..................................a..O....................L..H(.......... `..8............................................ ............... ..H............text...`A... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B................;a......H.......\+..D4..................._........................................(....*:.(......}....*>..(.....Z(....*r.(......}.......Y.....}....*2.{....o....*....0..:........{...........,".......|..............(...+........( .....*...0..[........{.......+C.......{!..........,*.............|!.............(...+.....3..*..X....i2..("...*v.{.........-...}....*..(#...*....0..7........{.......+%.......{!........-.........}!...*..X....i2.*.*....0..*........{.......+........{!........-.*.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Reflection.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25160
                                                                                                                                                                                                                        Entropy (8bit):6.676286078863456
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:VCdLIcKSckihkk5b3ZJhecU/VEJ9ZYiRvvAMxkEC:VcL9+JFd7NvxO
                                                                                                                                                                                                                        MD5:7FC313F523FCE36BF2B9EE7BA2E11D05
                                                                                                                                                                                                                        SHA1:90ADA6884F1DEE616193A82742E5539078EF4FC2
                                                                                                                                                                                                                        SHA-256:275CA96917E2DD01A8390B86D2ADABD6852F8F58FF0AADEF3149DD5E7C39FF34
                                                                                                                                                                                                                        SHA-512:8174EAB300B18610EF1B5D31254C7370D48D2F386CF54206F077C7EC38FF8DF780CFFE53D55A41732609DF58E3AA877A8C9D5C689068F7073A200C89A210911C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..0...........N... ...`....... ...............................*....`..................................N..O....`...............:..H(...........M..8............................................ ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................N......H........(..T$..................@M........................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. F.bo )UU.Z(.....{....o....X )UU.Z(.....{....o ...X*...0..b........r...p......%..{.......%q.........-.&.+.......o!....%..{.......%q.........-.&.+.......o!....("...*..(#...*:.(#.....}....**....o$...*.0............`..+....o$......(%...,..*.o&.......('...-..*...0..v.......s(.........()...(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Retry.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20040
                                                                                                                                                                                                                        Entropy (8bit):6.675463445621971
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:SS3El26Am/vRUQI0T/qBJCcIYiArevCAM+o/8E9VF0NybuN1R:SSCj1T/qBJCNYiRvCAMxkEe1R
                                                                                                                                                                                                                        MD5:4928241D2429F3D748B1510554EF5832
                                                                                                                                                                                                                        SHA1:C46AFCD111D1E11DB4F2D2AA5B81E4ADC97118F7
                                                                                                                                                                                                                        SHA-256:4F70F3692090F226DDF4F216EA1FD6D7A5C13D48868ED23858104C4767A9B687
                                                                                                                                                                                                                        SHA-512:CCA29AE373410C796C15FAE734C468B18FFADF41513C984571615970FF7EB5C6FC3D28D101C88C1958AC46EE160C9751CE9FCD47CBF0F623CDAC2440B68FD50F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,.B..........." ..0..............:... ...@....... ..............................tB....`.................................m:..O....@...............&..H(...`.......9..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......p#.......................9........................................(....*:.(......}....*.~....*.......*...0..?.......s.......}......0.r...ps....z.-.(......(...+.........s....(....*..0..Y.......s.......}......0.r...ps....z.-!~....%-.&~..........s....%.......(...+.........s....(....*..(....*Z~..........s.........*.0...........(......2.r5..pr_..ps....z..1.r...pr...ps....z..2...1.r?..pra..ps....z...1..+. ....}......}......}.....s....}.....s....}.....(....*..0..W........{..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.SecretBuffer.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.756718316204762
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:fb0q3cqE4iAseJETDoIYiArevgAM+o/8E9VF0Ny8J3v:hDiAseJE3xYiRvgAMxkEwv
                                                                                                                                                                                                                        MD5:56B4AE1D61D7D783100F58201B0D7AB5
                                                                                                                                                                                                                        SHA1:431250DCC5638B0A6DD5F2404826251E4276C63D
                                                                                                                                                                                                                        SHA-256:999105BE6A3CDD2119FF11028CD6261F996D223B808F6D6168059A3D666EE764
                                                                                                                                                                                                                        SHA-512:BE187013E1BFF8F1965EC9C63F127AD0C29847B6D115A9CB01418993D7551B8D88B0CE32C59ACB1237555E436CD769C618A8097426EE83449C9C8CF2CA087DAE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."............." ..0..............3... ...@....... ....................................`..................................2..O....@..................H(...`.......1..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H........"......................H1........................................(....*:.(......}....*..{....~....(....,*.{......{.....i(.....|....(.....~....}....*..(....*....0............o.......(.....*.....................(...........}......{.....(....}......|....( ...}....*..0..G........(.....,+..}......{.....(....}......|....( ...}....*..}.....~....}....*..{....*f.{......}.....~....}....*:..o.....(!...*"..("...*"..(#...*...0..6........,,.($....o%.... ....%...o%...(&...('....s..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Serialization.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24648
                                                                                                                                                                                                                        Entropy (8bit):6.562726477439969
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:gEHjiGd6noadMrhuKe7nxncpJnUKYiRvOAMxkEPmn:DDld9adYhFB/7N8x8
                                                                                                                                                                                                                        MD5:6337C205493D34818080442CC5D050EC
                                                                                                                                                                                                                        SHA1:C3CAEF5482F90D4A0163E33A0C88E8029E67694A
                                                                                                                                                                                                                        SHA-256:C0165B012A7C67948A4249A754635C8BCB8C715A099B2C5B702EDAC73D0E3F13
                                                                                                                                                                                                                        SHA-512:AB6F6DF315450C24E0106BEE6EAB2EC2DEE3C3AFE48278A5071D329E0E35FF3EED20EDAD58B97A4828706482F7DD0211E0286855C069F61F3CD6DAB838B3348B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............L... ...`....... ..............................{.....`..................................K..O....`..h............8..H(...........J..8............................................ ............... ..H............text....,... ...................... ..`.rsrc...h....`.......0..............@..@.reloc...............6..............@..B.................K......H........&..\#..................@J........................................(....*:.(......}....*..(....*..0.............(......~....%-.&~...... ...s....%.....(...+o.....+=.o.......o....o.......(...., ......(.....o.....,...s....o ....o!...-....,..o".....*.........4.I}........(#...*^..:...%.....($........*.0...........o%....3Rs!......t(...}....~......."...s&...(...+,(.{....o(...o%....3..{....r...p()...o*....o+......(,....+..o-...(.....o!...-....,..o"....*......j..........0......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Strings.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32840
                                                                                                                                                                                                                        Entropy (8bit):6.432250699968588
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:QHOWSvOnkGc0Ak+i40lzgAqrQLFPsnJEIYiRveAMxkEho:iOWKOnS0Ak+pnXNF7Nsxi
                                                                                                                                                                                                                        MD5:54ABD6D1EEF5FD0803A5CBE83E3B0CEC
                                                                                                                                                                                                                        SHA1:2F7555EDE62A7D4CA4CB4CAE7C647F61190FEF3E
                                                                                                                                                                                                                        SHA-256:4D956E05185160C5FD50F9BB676193F3EE7BD5AB69505FD7C5D9ABBD2F938731
                                                                                                                                                                                                                        SHA-512:EF30307461B381A73391E8FDBE5058097A8B136B9992FE29B6D0D50682659653307974F3B20C1E296CA50528015FD4C6CC7C73EED4ECA1D7471890BCF97DB280
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..N..........Jm... ........... ..............................c.....`..................................l..O....................X..H(...........l..8............................................ ............... ..H............text...xM... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................)m......H........8...3...................k........................................(....*:.(......}....*..0..p...........7....(.......8....+=..o......(....r...p(....(........%.X.r...p..r...p(....^(.......2..s.........,..o.......*........Tc.......0../.......(.....+...8......o...........4......,..o......*..........#.......0..G........(.....,+..}......(.....( ...}......|....(!...}....*..}.....~"...}....*..0............(.......(.....*.....................{....*.0..2........(....,(s#.....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.StrongName.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20040
                                                                                                                                                                                                                        Entropy (8bit):6.708582917185306
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:+fq4CI13mei8UUuEJGsIYiArev9aAM+o/8E9VF0NyTFh:+y4C4LUUuEJG9YiRv9aAMxkExb
                                                                                                                                                                                                                        MD5:522BD327642E1588FBB4C81F0C40E99F
                                                                                                                                                                                                                        SHA1:B1E8966B6AD6BF03A1FA5D10F12F7A40413D88F9
                                                                                                                                                                                                                        SHA-256:0AFAC18C45C2510DC7123963FF6A265208A1448F4633DF63625B563E188ED103
                                                                                                                                                                                                                        SHA-512:C1A9841778C34AED4F9C954EBBC2C37454B9273B3447A53F00E6A0B56412FD00D5ACD771226F47722DAE269C116ED63CB21862D07C1FA2CE3F04BBB3B1B39403
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S............" ..0..............:... ...@....... ...............................T....`.................................k:..O....@...............&..H(...`.......9..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H........ .......................9........................................(....*:.(......}....*.~....%-%&r...ps....rK..ps....(....t....%.....*.~....*....0..<.......(....(....-.(....(....,...R.*(.......o......./.........R.*.*BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID.......X...#Blob...........W5.........3........!...............l.......!...[.............................c...................................;.....;...h.;.....;...7.;.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Uri.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26184
                                                                                                                                                                                                                        Entropy (8bit):6.470313248578126
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:9T1v8IoTJCF0c2/RL0jJsyYiRvG2CAMxkEE:9T1v8Iodlob7NG2AxI
                                                                                                                                                                                                                        MD5:B98F09D4ED065CA89FC4AEAA9B986440
                                                                                                                                                                                                                        SHA1:250256012C150AF17BB3BA4D67F03B4E9886C4DF
                                                                                                                                                                                                                        SHA-256:EE09C40D758A1036702650B6102E837077E976362053BDA2E4874CB6AF218968
                                                                                                                                                                                                                        SHA-512:D558B4E24F2709FB19C198B6DE729206E7F878271BC4BF3104962B4151FDAC34B3B2E81411040935FD5404D8254756DF19814FD3ED1552FE1F03AE84C93D43CF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[............." ..0..4...........R... ...`....... ...............................Q....`..................................Q..O....`..,............>..H(...........P..8............................................ ............... ..H............text....2... ...4.................. ..`.rsrc...,....`.......6..............@..@.reloc...............<..............@..B.................Q......H.......|0......................\P........................................(....*:.(......}....*N.o.....o.....(....*..0...........s......9.....o.....8.....o.......(....r...p.(....,#..(....(...+.3....(....(...+o ...+v..(....r%..p.(....,#..(....(...+.3....(....(...+o!...+?..(....rG..p.(....,+..(....(...+.3....(....(...+("...(#...o$....o%...:A......,..o&......(....*.................0...........s......9.....o'....8.....o(......()...r...p.(....,&..(*......(+....3....(*...(,...o ...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Utils.Windows.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):116296
                                                                                                                                                                                                                        Entropy (8bit):6.467042194428995
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:VDkIKX8sscVPEiNc+tvmiL6siLAuiN2t6Z9d3fNNWpzIWSNXWlU47NExw6:VYdXlXZ6VAuiN229dVUI5NXmU4h/6
                                                                                                                                                                                                                        MD5:BD8AAF5394DB2B9209EF8DCB86C64012
                                                                                                                                                                                                                        SHA1:AF3F2B80333076C633818886D7DE78787FE42965
                                                                                                                                                                                                                        SHA-256:98ECA1218916AAEE412BA58DA9B6FF93B803BF4D6839C77E7DDAC7A4F2D2F72D
                                                                                                                                                                                                                        SHA-512:CC4F942B3D8AA55570A7335CFB92AC2E04C01BE5287EAD7F4B7FB52F3B07BF0EE1C27648DFD6C7395199ED40C8C2B8ED195E1BC6BFF9E9C522BCE9BE339CB3AD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y3..........." ..0.............>.... ........... ..............................[.....`....................................O.......D...............H(..............8............................................ ............... ..H............text...D.... ...................... ..`.rsrc...D...........................@..@.reloc..............................@..B........................H........f..|J............................................................{....*..{....*V.( .....}......}....*...0..A........u........4.,/(!....{.....{....o"...,.(#....{.....{....o$...*.*.*. a.$` )UU.Z(!....{....o%...X )UU.Z(#....{....o&...X*...0..b........r...p......%..{.......%q.........-.&.+.......o'....%..{.......%q.........-.&.+.......o'....((...*..{)...*..{*...*V.( .....}).....}*...*.0..A........u........4.,/(!....{)....{)...o"...,.(#....{*....{*...o$...*.*.*. .]K? )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33864
                                                                                                                                                                                                                        Entropy (8bit):6.311395235523054
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:pqcy2A3fpVspBKiKsR3fQvoDEtYb/DbtJDnYiRvxAMxkEA:pqcL57NZxc
                                                                                                                                                                                                                        MD5:664F99FAF3B60F8873FEFCB4EC8E1901
                                                                                                                                                                                                                        SHA1:0164E087BF2CB809DABD626199FE2219896AF835
                                                                                                                                                                                                                        SHA-256:E20BC9949544DCFD74892591AC376AC61831F8A6D20FFF6CD76D32FA52E29C21
                                                                                                                                                                                                                        SHA-512:8CD8166FBFC575B7665FDA9EA777091CF2B0C8BCD58C78723D39FFF8C6C0B95FFA44339EAF96E755017B6556455076F158A17827D7247BB72A3C622AD864A5F6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..R..........Np... ........... ....................................`..................................o..O.......P............\..H(...........o..8............................................ ............... ..H............text...TP... ...R.................. ..`.rsrc...P............T..............@..@.reloc...............Z..............@..B................-p......H............?...................n........................................(....*^.(.......D...%...}....*:.(......}....*:.(......}....*..{....*"..}....*..{....*"..}....*..(....*.0...........(....(....,..(....(....:.....Po....(......o....,s.u......o....r...po ...(....,..o....r...p.(....o!....o....r...po ...(....9.....(....(....-v.o....r...p.(....o!...+^s".....(....(....-..o....r...p.(....o#....(....(....-..o....r...p.(....o#....Po....(.....o$....*....0..f..........%.(.....(....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.Xaxd.Wcf.Client.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.734276647935159
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:w4iQgJtEGPJeqIYiArevUAM+o/8E9VF0NyJ3yl:w4iJtEGPJeXYiRvUAMxkELyl
                                                                                                                                                                                                                        MD5:1B73DD76B4303C4C6B845024F7014615
                                                                                                                                                                                                                        SHA1:2C1B80627486944505BEAC8A82E76B0954DBD5A7
                                                                                                                                                                                                                        SHA-256:F67F868F24F20A7F28A98D3A420866F6AAC60BC77D49A93ED33D84CFDC12CF0B
                                                                                                                                                                                                                        SHA-512:63E3739E1BBB7426A8B8A66CA22D78B17E8F0AE2D6BB625AE5480908C8FD45E39885060FBC8A556F31CD611B6F1032B7F7FFF84E9B9529AAF58E5F9BF841571D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v............" ..0.................. ...@....... ...................................`..................................-..O....@..t...............H(...`.......,..8............................................ ............... ..H............text... .... ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................-......H.......h ......................\,........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID...$.......#Blob...........W..........3......................................................................................c...........K.....K.....K...<.K...U.K...............p.....i.K.....K.........N.K.....K...5.................................................Q.............Q...........v.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):199752
                                                                                                                                                                                                                        Entropy (8bit):6.150224099161986
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:CkPypBShrsqrZd/MRCnfcmMUUjjdHjYrCi8hc:KBShBMRUQU2c
                                                                                                                                                                                                                        MD5:4EE256F5D1FF7CE8A6886B7DD91F53AD
                                                                                                                                                                                                                        SHA1:1ECE7A83B2D42D7B97B7EB6079F92B7B045B71A9
                                                                                                                                                                                                                        SHA-256:B09B77144C065C2E6B428CEA064AC7A1D243378854BC1261C8F0458A94395788
                                                                                                                                                                                                                        SHA-512:93F46BCF9D8E4162442922E5A79B95FE381D18637B30CF319BE9D59FE5CBB2C512E07925FB33DD2CB1D3B79B32DA39ADC077A8C882682351AD925080CEB828BA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0.................. ........... .......................@............`.................................<...O.......................H(... ......,...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................p.......H.......,v................................................................(....*.0...........u.............*.*..*.r...p*..(....*^.(.......n...%...}....*:.(......}....*:.(......}....*:.(......}....*"..(@...**....(A...*2......(B...*2......(D...**....(C...*...0.............(...+.o.......( ......(!...*..0..Q.......r...p..o...%../.("....s#...%r...p..q...o$...%r)..p..q...o$.....{c..........o...+*....0.............(...+.o.......( ......(!...*..0..%.......r...p.r3..p.(%.....{c.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Citrix.XenDesktop.Cloud.DataStore.Models.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36424
                                                                                                                                                                                                                        Entropy (8bit):6.417512878455585
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:w1y236nyFLlTAWxH3elsySHxIUm9Y+doJFoYiRvbAMxkEFZY:w1P6BUXRIUf07NbxfY
                                                                                                                                                                                                                        MD5:8F6F47D8EAECB0C7F0DC8190DC282154
                                                                                                                                                                                                                        SHA1:637F0CB8A6173629CCD3F54D1ADD85CDAABBDD1A
                                                                                                                                                                                                                        SHA-256:FF7DF7EF96471044A7C814AFDD6C817AF0E1654CBA6BA49EB7EFA83526F8E0F0
                                                                                                                                                                                                                        SHA-512:9EFC12D65C225462A4DD7A75CFFBB1A62D4A3583F14CA37651EF4C18F372BA6572C7E5681E0832D458928DD83DAADD39B785089320C895BAE7BACCC950CD08AD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....)u..........." ..0..\..........v{... ........... ....................................`................................."{..O....................f..H(...........z..8............................................ ............... ..H............text...|[... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B................V{......H........,...L...................y........................................(....*:.(......}....*..{....*"..}....*..(....*..(......(......d(.....~....(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*2.|....(....*"..}....*2.|....(....*"..}....*..{....*"..}....*..{....*"..}....*..(....*^.(......j(".....d( ...*..{....*"..}....*..{....*"..}....*f.(......(%....(...+('...*..{....*"..}....*..{....*"..}....*..{

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ComponentInterface.Constants.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20040
                                                                                                                                                                                                                        Entropy (8bit):6.610342710203213
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:aXjEnrTwOOw749zdE8hIYiArev1AM+o/8E9VF0Ny0Lw:aXwvwOOMMdE82YiRv1AMxkEB
                                                                                                                                                                                                                        MD5:A12BFA1716733E1B04D26DD2DDA28C0A
                                                                                                                                                                                                                        SHA1:D8408C44E1676775A605F884E9CA0BCD38899C97
                                                                                                                                                                                                                        SHA-256:8F07AD4780F683751494FF5B1F034E887D8176A454CEF585EBFD7B7BF29EAC7F
                                                                                                                                                                                                                        SHA-512:8D94AAFE4B14EEC01EB94BA38E60C15FD2D6982CCFC4DD10E9F4EFE25EB385F8E54CF6EA69A663C2D1979D87FF1FA8122A1D48F4A18CE4AF37D2ACEC2BDE7F64
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P8..........." ..0..............;... ...@....... ..............................UD....`..................................:..O....@..l............&..H(...`.......9..8............................................ ............... ..H............text........ ...................... ..`.rsrc...l....@......................@..@.reloc.......`.......$..............@..B.................:......H........ ..,...................(9........................................(....*:.(......}....*.~....*.~....*.~....*.~....*..0..l.......r...ps....o.........~.........r...ps.........rS..ps...............%.(.........%.(.........%.(..............*BSJB............v4.0.30319......l.......#~..T.......#Strings....`.......#US.........#GUID...........#Blob...........W..........3................&........... .............................................2.......M...............^.........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ComponentInterface.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):150088
                                                                                                                                                                                                                        Entropy (8bit):6.188808104813814
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:nQm0yVwnda4tRO3IsBFCPyxlNWXDGraMbBa2WUMnkK1AnexxRWzZSDUd7NQxX:QfyyVul5WXqWMw2WUSkwZ4IDUdh4
                                                                                                                                                                                                                        MD5:D0FCC326DB961F2E7B883026CE4B213A
                                                                                                                                                                                                                        SHA1:DB12E529B6B5AB560F31B9186DB6CF58CFBD5F79
                                                                                                                                                                                                                        SHA-256:598298087D1C5E4BC0DF9433C1DBCB7C2B38AF6F9CC8901C51E9B32CC5C19AD1
                                                                                                                                                                                                                        SHA-512:4C43C648C8305682A8462CF251A4C4827B06CA2F20FC3EF18D6BFA4FEA1D388766FA1B0408A5BBA3199F3A236C3320F2AF0E53F5DBA24E2FA6C019D4730B18D4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............7... ...@....... ..............................1.....`..................................6..O....@..0............"..H(...`.......5..8............................................ ............... ..H............text........ ...................... ..`.rsrc...0....@......................@..@.reloc.......`....... ..............@..B.................6......H........u..l...................D5........................................(....*:.(......}....*.~....*..{....*..{....*..{....*..{....*V.(......}......}....*..(......}......}......}.......}....*6..s:........*..0...........{.......(....-..(>...*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..L........(......}......(A.....(C......(E......(G......(I......(K......(M

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ConfigLoggingSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):114248
                                                                                                                                                                                                                        Entropy (8bit):5.9031635843845
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:DJvT1lYhuyuLAivvzizC4t6/IjL4UUny2qXdctvCN5hr:dvT1lYhuyulvvziTnFr
                                                                                                                                                                                                                        MD5:5813C912EFB54FE9D68176A2655F1327
                                                                                                                                                                                                                        SHA1:6B6886DEF553FBF4B6A4C678223FFA3B6092BF82
                                                                                                                                                                                                                        SHA-256:947A98F8378437AA6807A811E53484D578E87091FBD7A53354EC22C4E7B0156F
                                                                                                                                                                                                                        SHA-512:8E407748ABD5974EBABF0D9A04537D1C31B780412A1A6E86915069795F92FD9B48C9BE932DD35104A1FD0ECAD518970B7CAA5945A31E7E2E39FF27D0E189A95E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C............." ..0.............f.... ........... ..............................>|....`.....................................O.......<...............H(.......... ...8............................................ ............... ..H............text...l.... ...................... ..`.rsrc...<...........................@..@.reloc..............................@..B................F.......H.......<................u...3............................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o ...,.(!....{.....{....o"...*.*.*. ..kQ )UU.Z(.....{....o#...X )UU.Z(!....{....o$...X*...0..b........r...p......%..{.......%q.........-.&.+.......o%....%..{.......%q.........-.&.+.......o%....(&...*..{'...*..{(...*V.(......}'.....}(...*.0..A........u........4.,/(.....{'....{'...o ...,.(!....{(....{(...o"...*.*.*. .9v. )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ControlScripts\HighAvailabilityServiceControl.psm1

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19073
                                                                                                                                                                                                                        Entropy (8bit):6.047176786821346
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:oGAetU/zR8V64bYZ5DUQohfcyxdcsXGL4yJEsOQ7YKnicxsFMNPR0L0:oKtUSbagQohfcgdcFUhEYKiZMNPRF
                                                                                                                                                                                                                        MD5:2494232541C1C07C46B377FC34FF4F30
                                                                                                                                                                                                                        SHA1:092B160808F9437EBF57F1FB8A5A9352C5E8851F
                                                                                                                                                                                                                        SHA-256:8AA05171D1743A6B7EF2ADF08B9C292DC0AB251FC2D685A243A0ACBDFA3E8B43
                                                                                                                                                                                                                        SHA-512:E4BFA577373B9532F4440DF3BC2C3C18BC6D772F3054B84B9E068DE39A361F1281D67E644850B5C53149734E0D38A6BF5C93E0B739929445B40A1CCA7C873402
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<#.. PowerShell module for performing actions related to Local Host Cache (LHC)..... This module should be used on machines that are running the High Availability (HA) Service (also known as, the Local.. Host Cache (LHC) Broker) and the ConfigSync Service. In on-premises deployments, this will be the Delivery.. Controllers and in cloud deployments this will be the Cloud Connectors..... To import the module, run the following:.. C:\PS> Import-Module .\HighAvailabilityServiceControl.psm1..#>....<#...SYNOPSIS.. Tells the LHC Broker to go into outage mode....DESCRIPTION.. Tells the LHC Broker to go into outage mode, provided that the LHC database files have been successfully created by the ConfigSync Service... Note: Must be run on all Delivery Controllers / Cloud Connectors in the zone or resource location...#>..function Enable-LhcForcedOutageMode {.. $haDatabaseName = 'C:\Windows\ServiceProfiles\NetworkService\HaDatabaseName.mdf'.. $haDatabaseNameLog = 'C

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ControllerDAL.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):70216
                                                                                                                                                                                                                        Entropy (8bit):6.866051999016772
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:9yZEfiwAMhI5bPYgRtQFRxxKPDaF7NUGxxO:9CMLIag7QFRx5FhUIO
                                                                                                                                                                                                                        MD5:DDCC7C3936830F5D4E76642BCAAE1EAE
                                                                                                                                                                                                                        SHA1:98400D07264700CA0AC6E12FC5E33EAEFBDEAC88
                                                                                                                                                                                                                        SHA-256:E692C671F47E13BA4BB01C03DE675484053585DF9E2CF49FCE421CE2C6682C54
                                                                                                                                                                                                                        SHA-512:4D05A9C5E6DBF64CEFC7CB952150B8507E2FAD90820DADCDBF6D04BA84700D3FF1D2538EB7B31DD31054EC4F8C118E69E49C7983188AF6E54812D6B71BB8D539
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5.q..........." ..0.................. ........... .......................@......m9....`.................................\...O.......................H(... ......p...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........F...j..........p....L............................................(....*:.(......}....*..{....*"..}....*.0..\.........(.....~.....(....(....(....}...............(......r...po......o.....r...p.{....(....(....*b.(......(....%-.&*o....*Vr7..pr_..ps ........*"..(....*.0..........sd......}.....|............}.....| ..........|!..........(....r...p....e...s!....... ....o"....M..{....r...p.(...+r=..p.(4.......{...........{....Q..{ ...........{!.........*........8.(`..!.....8.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ControllerInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22600
                                                                                                                                                                                                                        Entropy (8bit):6.626137683500539
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Zxv9BJh/0YH7TVCMUOdMHfIYiArevcmzAM+o/8E9VF0NyltgNA:rv9RddMHgYiRv/zAMxkEtKA
                                                                                                                                                                                                                        MD5:6E4CBDFFBD65774BF0DF82DA3A8B8B04
                                                                                                                                                                                                                        SHA1:2894DB60A592A8843BBB0494D247E5B640CC9671
                                                                                                                                                                                                                        SHA-256:BDF7FADEC2B2506C80413EF6AD0CDA53C42A653420A063684F582AFCAA86CCE4
                                                                                                                                                                                                                        SHA-512:EBE9C6DE35D8574AD33475E89DA2CC1727B75F460FA15A9AC5D29DC98369879974D3B2104678F99DDCA6B8953449FFE1BA07A907E73ED6DD2ED49AA7BF6C88FF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'.x..........." ..0..&...........D... ...`....... ..............................{.....`.................................3D..O....`..<............0..H(..........LC..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc...<....`.......(..............@..@.reloc..............................@..B................gD......H.......`!..l!...................B........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*...BSJB............v4.0.30319......l.......#~..@...d...#Strings............#US.........#GUID...........#Blob...........W..........3........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CredentialSecurity64.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):116808
                                                                                                                                                                                                                        Entropy (8bit):6.1620767146172
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:M2lOnKMTEaHUv4uoHaEMwCqZvmSOo2iePG3ufWC+vr//T/7nM4L3zm2Q9ZVbq+bf:nMTEuKFhEMwzf9Y3v
                                                                                                                                                                                                                        MD5:355B76484BD776E73158A8E471EC204B
                                                                                                                                                                                                                        SHA1:C4E93100ABD7923A0E6C6C8E9560123A4F74794E
                                                                                                                                                                                                                        SHA-256:083BCBF93B32E7A12BAF8AFDE5277D80B1E5E0EEBC7807BF910495C17787FC0C
                                                                                                                                                                                                                        SHA-512:DDCC24575DCEF580A0481D0958596692D96ABC54BDEE9E2811D3524917419267FC16657D38A8D4F40A6CDEE45EDEDAC4340141E895B478CC01BC7FD8D8B6059E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?)..{H..{H..{H.. ..qH.. ..~H.. ...H..{H..zH.....eH.....uH.....jH.. ..~H..{H...H.....xH.....zH....i.zH..{H..zH.....zH..Rich{H..........PE..d....Y.f.........." ...'............. ....................................................`A........................................0...H...x...<...............|.......H(......@....l..p............................j..@............................................text............................... ..`.rdata..............................@..@.data................t..............@....pdata..|...........................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..@...........................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CtxAdmin.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36936
                                                                                                                                                                                                                        Entropy (8bit):6.3060183241502115
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:54e1y+25Lep4zy3q6n6y1rgl8UdsFIVSYiRvRmAMxkED:5VD8y3qw1rgl8UdLk7NRUxX
                                                                                                                                                                                                                        MD5:AE9F577B454640058339292CB27E4689
                                                                                                                                                                                                                        SHA1:BCEED6EB243DEA02BA5A93230B034ED800B0CEA2
                                                                                                                                                                                                                        SHA-256:0B275DBF0BE315349A32E73C39679BCCC180CE4CA932246C9624EFB424F819DF
                                                                                                                                                                                                                        SHA-512:99BEDFCA51BA6FA7E31927744210C29B2E55A0EC7F37A2EF83B2B175B38D8969A8FCA47F092600FDB90066C3369B364B725993100C07DDD1B148D024B9522CC3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..^...........{... ........... ..............................%.....`..................................{..O.......4............h..H(...........z..8............................................ ............... ..H............text....\... ...^.................. ..`.rsrc...4............`..............@..@.reloc...............f..............@..B.................{......H........7..dB..................Dz........................................(....*:.(......}....*..0.............(.....(....r...p~<...%-.&~;.........s....%.<...o.....(....r...p~=...%-.&~;.........s....%.=...o.....(....r!..p~>...%-.&~;.........s....%.>...o.....(....r;..p~?...%-.&~;.........s....%.?...o.....(....rM..p~@...%-.&~;.........s....%.@...o.....(....rY..p~A...%-.&~;.........s....%.A...o.....(....ru..p~B...%-.&~;.........s....%.B...o.....(....r...p~C...%-.&~;.........s...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CtxMcp.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):56392
                                                                                                                                                                                                                        Entropy (8bit):6.146907545148721
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:wxGXIQ/WehWREoWZhmFNEyIqgWelS0M7Nptxj:TIQ/WehWRNWsmL5MhB
                                                                                                                                                                                                                        MD5:4B59395CDA532B3D862BD67684372ED5
                                                                                                                                                                                                                        SHA1:9E9705F45BC20AEED81EDC5CB5961CA7C5D36DCD
                                                                                                                                                                                                                        SHA-256:56282C1BFC5B67411D9D8A4BB22601409243309A236EF575E067F21EAAC30FC9
                                                                                                                                                                                                                        SHA-512:EFD690C49DE03F8F137E4309B69AC3E27FA0953054DDEBB2FD7962A5205F6273BC40A80F5A072FB1818CD714E0B74F09ECAA72F2CCB32E169805348057B78E18
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....\..........." ..0.................. ........... ....................... ......_.....`.................................{...O.......`...............H(..............8............................................ ............... ..H............text....... ...................... ..`.rsrc...`...........................@..@.reloc..............................@..B........................H........U...s.................. .........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*.......%.r...p...s.....%.r...p...s.....s....*.~....*.r...p*..,.....+...tC...(....*..tC...(....*r5..ps....z..,.....+..(....*.(....*r5..ps....z..(....*.(.........*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0.................%.rm..p...s.....%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\CtxSta.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):45128
                                                                                                                                                                                                                        Entropy (8bit):6.196627517350262
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:tO2nfCpnumA/LVdcR1XujRjVjypSxDuZDPReQxoGoFQIZx9NsymJeh9hR+QQznt5:tOPZMB0DR3aQkbsyge4c87N0Nx6
                                                                                                                                                                                                                        MD5:84A1CBCA7C0394050FFD91199C7F3761
                                                                                                                                                                                                                        SHA1:1CDABB846889D75E662C3D3C26075B095EEEF7BA
                                                                                                                                                                                                                        SHA-256:8D6552E296455DBC22BE531623D65F145F406BA7BA73F5FA89EB6CC5E938CB35
                                                                                                                                                                                                                        SHA-512:45442C36DF7DBBEBE87BBC5A7EFF2BB5D9606CA2B333237481E7F96DCB8EE36B5CFA07EBFF0A1F8A3915795B95FB7EFF0A43EB5AD6E90AEB071B2AB3C453B2FB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.Z..........." ..0..~..........v.... ........... ...............................M....`.................................#...O.......T...............H(..........H...8............................................ ............... ..H............text...|}... ...~.................. ..`.rsrc...T...........................@..@.reloc..............................@..B................W.......H........A...Z...........................................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*.......%.r...p...s.....%.r...p...s.....s....*.~....*.r...p*..,.....+...t6...(....*..t6...(....*r5..ps....z..,.....+..(....*.(....*r5..ps....z..(....*.(.........*..{....*"..}....*r......%.rm..p...s.....s....*.~....*.r...p*Z.-...(....*r...ps....zV.-..(....*r...ps....z..(....*.(.........*..0.............(.....(....r...p~Z...%-.&~Y.........s....%.Z...o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\DelegatedAdminSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):43592
                                                                                                                                                                                                                        Entropy (8bit):6.283464894730147
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:ht70SRv6TBIk+QnA2K8f2p6we1Py/KpeshDrERCA1OQzReSRY9jmoKYiRvZAMxk9:vvfdSAn8f2piPyypNDrERCA1OodUc7Nk
                                                                                                                                                                                                                        MD5:49025822DBE9740DEC665336155CA360
                                                                                                                                                                                                                        SHA1:4A16044D89CEFB81D7CE37EC7D13D396F59ECF24
                                                                                                                                                                                                                        SHA-256:61E1302D179B4A00C71A46E98A5DD8537B8A47805199D5C3DEEBA5748D203BD1
                                                                                                                                                                                                                        SHA-512:131555809CCE0ED3D97ADA75657DAD300BA4BB09B6C186940F1F55075CBDC0D9DB303AECB44C4DACF67214F47C5D477E8AA516585AB3F4661E3AEB21B6743567
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(............." ..0..x............... ........... ..............................3.....`.................................8...O.......<...............H(..........D...8............................................ ............... ..H............text....w... ...x.................. ..`.rsrc...<............z..............@..@.reloc..............................@..B................l.......H........>...W...........................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ...A )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o ....%..{.......%q.........-.&.+.......o ....(!...*..("...*:.(".....}....*"..(#...*V($...,..{....o%...*.*.0..........s&........s'.....r9..po(...&.o)....+M.o*......*o+.......(.o,

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\DiscUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1011784
                                                                                                                                                                                                                        Entropy (8bit):6.001140300190096
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:QCmGf6qsJNLfnU9PbbpRTf1FgvSCCquyFY150:dJSLfnU9Pbn9FYBCq6u
                                                                                                                                                                                                                        MD5:A4DE4231E573C4586A3ADFB3F6E4497E
                                                                                                                                                                                                                        SHA1:EBD421F798FE937BEADFFD96FD0AC501FEAB1F2E
                                                                                                                                                                                                                        SHA-256:BA7AF306AC79D0E1438405D2681334B0F260D34C495AAA4755549F3CE61CB857
                                                                                                                                                                                                                        SHA-512:76953B2521787C35EDA8AA4625C33AFE92497B65F04B9A4B0E682D390E2DE47A91099EA7C1B84638F390502793C1A8171AAB85C5E787008C80C4F23B05AD47B8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..@..........b>... ...`....... ..............................U\....`..................................>..O....`...............H..H(..........8=..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................D>......H.......@B...t...................<........................................(l...*:.(l.....}....*v....(m.....}...........}....*..{....*"..}....*...0...........{.....{....j]i..-O..{....],..{.....jX.on...34.(o....{....op....(o......oq.......{......jX}......*.{.....{....j(......{.....jX.{....j(....%.Y ....j1.r...psr...z.Y.......(o....op....(o.......ioq.......Y(s...........(t.....{......jX}......*..0..<...........3...{....X.+...3...on...X...j/.rA..psr...z..}.....{....*.0..F.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\DnsIpSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):50248
                                                                                                                                                                                                                        Entropy (8bit):6.08377071759831
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:kpXuIjeg6hID+/juqTBS+e2cplabm6saHKlYsQj44Nq90iuYiRvnAMxkEDx:sz6hQ2BT0C6R2Pj46v7NHxJ
                                                                                                                                                                                                                        MD5:20450AF002DDDD9D641E6BE5BDEBA006
                                                                                                                                                                                                                        SHA1:85ABC4687DFB490C13BB7FB53376C6CAEB6E0CF8
                                                                                                                                                                                                                        SHA-256:3D6683831BC2C55B68123CD3E7154ED1E3E2A93B53E3D6D7DC0C2C7CD31993CF
                                                                                                                                                                                                                        SHA-512:A59D0D2E517092DB0A87A51739E746E413FEBCC446E7660CAD9C125ECCDF9405B61D8EA758111D333B58E3330486AA6E7E47F5C1E7A6B445DD283E15723A6836
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@N~..........." ..0.............Z.... ........... ....................................`.....................................O.......................H(..........,...8............................................ ............... ..H............text...`.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................:.......H.......4B..xm............................................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..(....*....0..Q.......~.....&r...pr1..ps....r...po..........~......s....%.o.....j..(...+....,..o......*.........!.$E.......0..G.......~.....0r...pr1..ps....r...po..........~............(...+....,..o......*.......!..;.......0..D.......~.....;r...pr1..ps....r...po....................(...+....,..o......*......!..8.......0..........s...................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\DocumentFormat.OpenXml.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6112688
                                                                                                                                                                                                                        Entropy (8bit):5.904979750468383
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:NNw0um+t5kpFQ/Tn7gPnGBRgeDztoXgyltb:vw0F+epy/T1G
                                                                                                                                                                                                                        MD5:2D081D4EC986B4A2622BF4D27ACEA1F8
                                                                                                                                                                                                                        SHA1:542E43BFE7C34D431F0549D690C205F0B0DE7E6E
                                                                                                                                                                                                                        SHA-256:379DFB830452B1B7476F1CD3F21423D9F99CF0C84BBF70B1611BA5E53D320F4B
                                                                                                                                                                                                                        SHA-512:D23C8E6C8ECAE7B274110C1D3DD5DF609E242BA20B40D060D59E5344E4DF179A78A20FE681FBF79F85B73E12DF09F4C99768B04888FABB96F61A0A79908C886F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F3C..........." ..0...]..........-].. ...@]...... ........................]......7^...`.................................B-].O....@]...............]..'...`].....h,].T............................................ ............... ..H............text.....].. ....]................. ..`.rsrc........@].......].............@..@.reloc.......`].......].............@..B................v-].....H.......xO!..};...........\..^...+].......................................{E...*..{F...*V.(G.....}E.....}F...*...0..A........uK.......4.,/(H....{E....{E...oI...,.(J....{F....{F...oK...*.*.*. .... )UU.Z(H....{E...oL...X )UU.Z(J....{F...oM...X*...0..b........r...p......%..{E......%qN....N...-.&.+...N...oN....%..{F......%qO....O...-.&.+...O...oN....(O...*..{P...*..{Q...*V.(G.....}P.....}Q...*.0..A........uP.......4.,/(H....{P....{P...oI...,.(J....{Q....{Q...oK...*.*.*. TRU. )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\EventLog.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):82504
                                                                                                                                                                                                                        Entropy (8bit):5.867061934203429
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:HN7jcGQb8B11YxfKIBdgfCYmWPWhPkT4cgDpn0o2Lxahp8w1Ew5/st68wxHDOLyG:Z2BdgfCYmphPkT4hDWoow+0PfS7N8xJe
                                                                                                                                                                                                                        MD5:DCDF561EEE3B08BD028A42DF77C10943
                                                                                                                                                                                                                        SHA1:C03E1254BEB1968B26D0512C4043E72F7B7CD590
                                                                                                                                                                                                                        SHA-256:910F6509703B99BA111C4FDBD24471565E47DA3ACC2AF6909428660241AB8883
                                                                                                                                                                                                                        SHA-512:BEAB3DAF52E4C1580BF70C952B46B88E0641C42085EC54E25CC1C467CEE98CD08072350B12A0D9FECCA9209B51D789FE66089E91F5741114343C677E39602C88
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&............." ..0.............B1... ...@....... ..............................$a....`..................................0..O....@..................H(...`.......0..8............................................ ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................"1......H.............................../........................................(....*:.(......}....*.~....*.......*.~....*.......*.~....*.......*.0..........s.....(....-K(....o....r...p.o....,.r1..prs..ps....s....(....+.(....r...ps....s....(....(....-.(....(......s....}<....{<...r...p.o....9....(....r...pr...p..)...%..s.....o....(....r...pr3..p..)...%..s.....o....(....r...prA..p..)...%..s.....o....(....r...prU..p..)...%..s.....o....+d(....r...pr...p(...+o....(....r...pr3..p(...+o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\EventLogCodeGenHelper.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27208
                                                                                                                                                                                                                        Entropy (8bit):6.426272735194072
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:48ueV2AC3GmxY+3dTBycPpPCFLM9fNjSWIYiArev1EoAM+o/8E9VF0NyT5:4HaLoxl02BNjSLYiRvqoAMxkE3
                                                                                                                                                                                                                        MD5:F3B051F55BB3D7D38680A101E7F44292
                                                                                                                                                                                                                        SHA1:2D27DCFD8758600BA1960BF8B029B31281C8AB92
                                                                                                                                                                                                                        SHA-256:4557499BC49CFE4850151A5E588AD46837737BAC7BF300DF2EAB19E08F6895A0
                                                                                                                                                                                                                        SHA-512:26AAC4FC6AFEB2F3E5C8F5854B5DAC17E9487517AD989A43C557B5AE8FAD1800D0366F7E4C535668665428A2B09666D74B695FE59B449598AEB183073C3A2A5A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S............" ..0..8...........V... ...`....... ..............................c.....`..................................U..O....`..<............B..H(...........T..8............................................ ............... ..H............text....6... ...8.................. ..`.rsrc...<....`.......:..............@..@.reloc...............@..............@..B.................U......H........,..8'..................4T........................................(....*:.(......}....*.(....o....*.(....o....*V(....o....o....o....*....0..........s......r...p(....(....o....&(....o ....++.o!..........rS..p..(".....(#...($...o....&.o%...-....u........,...o&......('........+*........ru..p.%.X..1.....($...o....&...X.......i2..o....*.........'.7^.......0..H...........('......+2......,...+"..r...p.o(...,...+...s)...o*....+...X....i2..*n(....(+....(,...s)...o*...*.0..]...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaAbstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):43080
                                                                                                                                                                                                                        Entropy (8bit):6.28750088825409
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:/liVmiTOB1zCZq2YnlKltY1NxQmk71Iq57Le15sSdYiRv4AMxkEY/jj:MsYOBQoPnlmn53QF7NmxUf
                                                                                                                                                                                                                        MD5:78016BA656D450ABF71C51E1F081378E
                                                                                                                                                                                                                        SHA1:8FAE5079E2C0383014E55292BC904CFB3D8A1E9B
                                                                                                                                                                                                                        SHA-256:4F0281F72EB4DC4499E39F30E60BD2CA6F78D5A15DF27DCA9C44D9D18DABA17E
                                                                                                                                                                                                                        SHA-512:C9CCABB9CA14E79189214370BA42A341EE05EC9D700CB10366A588EA83AAED5A329A88C4C3EE728C95AEDA3FEA912688F90E0889FD9BB7753B8EBF414ABC23B9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G<..........." ..0..v............... ........... ...............................?....`.....................................O.......................H(.............8............................................ ............... ..H............text....t... ...v.................. ..`.rsrc................x..............@..@.reloc...............~..............@..B........................H........5..D]..................T.........................................(....*:.(......}....*.~....*.~....o....*...0..C.......~..........(....~....-.s ........~.....o....~............,..(.....*.........08.......0..(.......~..........(....~....o....&...,..(.....*................~s.........s.........~.........*.0...........s....}.....(.....s....%.....(...........s....o....%.....(...........s....o....%.....(...........s....o....%.....(...........s....o....%.....(...........s..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26696
                                                                                                                                                                                                                        Entropy (8bit):6.544965743722049
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:T0K5htjMahEBUPcfYt7S7YiRv0DAMxkEc:TZivBUeMy7NyxA
                                                                                                                                                                                                                        MD5:1710BF72858484D932DE10894C32E1EE
                                                                                                                                                                                                                        SHA1:6E23D9DA720C126F00282231CA074F652AC391ED
                                                                                                                                                                                                                        SHA-256:93ED895FBFAA8AF6664F32DC2A84768BF31EB0C6F6A83CB9E64F698E13B2C81B
                                                                                                                                                                                                                        SHA-512:00F075FF9AD72125E8778054A28DCCBB185091ED5F005E7C8E3420E2A9E22020E32A567C53D2AB1FF48AADCA61FF554ECAC0AAE899D1C73ADB363978167D625C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N............" ..0..6...........U... ...`....... ..............................Uy....`.................................|U..O....`..l............@..H(..........`T..8............................................ ............... ..H............text....5... ...6.................. ..`.rsrc...l....`.......8..............@..@.reloc...............>..............@..B.................U......H........$.../...................S........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{ ...*"..}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaActiveDirectory.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):101448
                                                                                                                                                                                                                        Entropy (8bit):5.991780461389112
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:wk5raI/M+PYJrWdhXakHvmnalsHpQP7g/D9qhOh:wGraIk+PYJrWdVak+csJssrcOh
                                                                                                                                                                                                                        MD5:BC539D11D79BEFB40E4BC9826C0550A9
                                                                                                                                                                                                                        SHA1:7DA678A6BCBE67F12C6D881A3EABB461CF888023
                                                                                                                                                                                                                        SHA-256:90BBE0E5F7D49A81EA540E66EE84D1E13F4B53FA120B7D0B97215BDBE9EABAA3
                                                                                                                                                                                                                        SHA-512:3ACF6765E8D8458AFDE9D4E5F20E77B1CE2512042E474E5FA64FBF4D6476F34ADCE8E4943DC0A7C5E3F857147278D25FB7202E208092FAC73D34AFCC32A0DD15
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..Z..........Zy... ........... .............................. L....`..................................y..O.......0............d..H(...........x..8............................................ ............... ..H............text...pY... ...Z.................. ..`.rsrc...0............\..............@..@.reloc...............b..............@..B................:y......H.......@...@....................w........................................(....*:.(......}....*.s....*...0..........s.......}......}......}.....{....-.r...ps....z.{....-..~....}....+..{....~....(....r...p.{....o....(...+.......s....~....%-.&~..........s....%......{....o....(...+.rq..p.{....o.....o.....o....(...+.*..0...........(.......(.....r...p..(...+.*B(....%-.&s....z*...0..l................(......,Xr5..p.(...+r...p.(!...s".....o#...,(.o#...o$...s%....r...p........o&...(..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaCommandLine.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28744
                                                                                                                                                                                                                        Entropy (8bit):6.45515533001197
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:qJlkp2koQIEdfRuvalJCK3QV1uXtO26PYiRv0rAMxkE34:EkpHZIEdsilAK3ng/7NYxj4
                                                                                                                                                                                                                        MD5:2FA5A14B9A97F35E0CACF9918A3CF28C
                                                                                                                                                                                                                        SHA1:2B95E5ECCD976FE63FA1697D7AB733708B538187
                                                                                                                                                                                                                        SHA-256:5D1604D628C56E3EF857D7A4046334EE032148397A5EF07618CA0ECF2DFA5729
                                                                                                                                                                                                                        SHA-512:A9157206CF47F2BD7FF51BCC82368BA5EEC71CE6ABDA83C2ADD80BF6FE1B70DF76DE6BBBC1AEECFE1076F35253354831B60A5E40C8FA19201FD2299E24B280A2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..>...........\... ...`....... ....................................`.................................N\..O....`...............H..H(..........`[..8............................................ ............... ..H............text....<... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B.................\......H........,...+..........xX..h....Z........................................(....*:.(......}....*..0..M........(.....s....(......(.......(.....(<...(.....r...p(.....r...p(.....(;...(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*...0..l.......s......(....,...(....o....&.(....,..o....&..(....o....&.(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaCommandQueues.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.758731842192693
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:U5a8f2VwybIYiArevb7AM+o/8E9VF0NyVN:meVwykYiRvb7AMxkEZ
                                                                                                                                                                                                                        MD5:AB9822B06D0F470C8914F3D0BA198967
                                                                                                                                                                                                                        SHA1:06288452E43C1E83BEDE1F7E6ED65D0D7D0078D8
                                                                                                                                                                                                                        SHA-256:F978493C34022CA770EDD4E63C11D88F025ACF4B7DF0A00E2EB9FEFFFBAAAA1B
                                                                                                                                                                                                                        SHA-512:31C86A5B1511ECB087DB3FDB5B31776FDD33F684EFC8E8E64D36FDDEAD52B3D2152CB81C70A7500C888C11ACF2C5B9BEE67F7EDA4AC7EB36A3C3B4516E1417D5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[............" ..0..............0... ...@....... ...................................`..................................0..O....@..$...............H(...`......./..8............................................ ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................0......H........ ..D..................../........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(....*BSJB............v4.0.30319......l.......#~......P...#Strings....H.......#US.L.......#GUID...\.......#Blob...........W..........3....................................*.................................................b...........J.....J.....J...T.J...m.J...........~.........#.J...@.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaCommonEnvTests.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):107080
                                                                                                                                                                                                                        Entropy (8bit):5.876312287161474
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:MbbkEWWqXKlD26l6og3eHHZf5bpJGyuh20K:MbgE9Ws7bpkb3K
                                                                                                                                                                                                                        MD5:C74D9C0AC169AB6354EDE9EE8CA1312F
                                                                                                                                                                                                                        SHA1:EB166879641DFBA9A9A7784466B25A8B82DC9582
                                                                                                                                                                                                                        SHA-256:7B3D976240B42E5517E1D64F5C15139FAD1F62D01BFC0CFF47CFA3FAE4DECD0A
                                                                                                                                                                                                                        SHA-512:1E4C71C0A2F381C982A1A1C252E6296A6B331F2ACA4196EB0AAD5D3E9C4C88FDC1DFDC87F54A47BB07394BDF122C9DCB60491D4046D718E3F7993C12674F52B1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1............" ..0..p............... ........... ...............................y....`.................................:...O.......$............z..H(..........<...8............................................ ............... ..H............text....n... ...p.................. ..`.rsrc...$............r..............@..@.reloc...............x..............@..B................n.......H........b...............C..(I............................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o ...*.*.*. .u= )UU.Z(.....{....o!...X )UU.Z(.....{....o"...X*...0..b........r...p......%..{.......%q.........-.&.+.......o#....%..{.......%q.........-.&.+.......o#....($...*..(%...*:.(%.....}....*..{....*~..}......(.....(&...s'...(....*..{....*"..}....*..{....*..{....*"..}....*..{....*"..}....*..{.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):67144
                                                                                                                                                                                                                        Entropy (8bit):6.063090997637829
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:33WIoXtap3UYRd6ZUseYfUrB1igp7NkxQn:2Hde+Us2rTigph1
                                                                                                                                                                                                                        MD5:D955F049F8EA38A498672A7E35F75E56
                                                                                                                                                                                                                        SHA1:A5306BD16A9226284C4A62105263104609E8DBCB
                                                                                                                                                                                                                        SHA-256:F99BDF0A75B790656B7BDD5897714A0BC553ECC18BF5765706854D83BDF3A5D4
                                                                                                                                                                                                                        SHA-512:9594D5F51CC3F06ACAE3C034968B6068573F541DCBCFEC7D264728EEBFE2B23E3EB9CFA9BB39CB87CD290C2DE79EB2978294FADDCCA0E2409D9C4BE1B4E76A2A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@.......A....`.....................................O.......H...............H(... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc....... ......................@..B........................H.......hS.............8.................................................(....*:.(......}....*..*...0..I........(......%-.&r...ps....z}......%-.&r!..ps....z}......%-.&rI..ps....z}....*J....(.......}....*6.(.....{....*...0..].......rc..p(...+(j....{....,..{....o....,..(....*r...p......%..{....o.....%..{....o.....$....(j...*....0..........r...p(...+(j....{....o/......{.....ob...}....rM..p......%..o.....(j....{....o..........u@...,.r...p(...+(j...+.r@..p(...+(j....o....(...+(j

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingClientInterService.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):45128
                                                                                                                                                                                                                        Entropy (8bit):6.334433872961635
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:WHfUQE/js20ESMd3exc4vI1lH+pfPPCwIsrPdsUoV1y+CYiRv6AMxkEr:AcQE/jdFzdx4vbPPPd3oy77N4x3
                                                                                                                                                                                                                        MD5:CAB275D8DE6017D9F689C3425CF6FC9D
                                                                                                                                                                                                                        SHA1:1A29D6E6B86A858E40542923B34BB2BF3ED883FD
                                                                                                                                                                                                                        SHA-256:5C9A567BB553BF0CD5A8E1325901E6EEE0B6D8982D7B49D6B39090EC3B7188F6
                                                                                                                                                                                                                        SHA-512:EBD70B9BDF05DB9F86391EE6501837A603AA372CA53792E32DDCB1241F2F422D3E8B1A1E5F7018EEFA7E19D412CB3B66029E19C8E9026CB4118A610FF935122F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Ez............" ..0..~.............. ........... ..............................-.....`.....................................O.......................H(..........h...8............................................ ............... ..H............text....}... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H........D..0W...........................................................(....*:.(......}....*.~....%-.&~......W...s....%.....s....*z..s$...sM...sD...sT.....(....*.0..M........(......}......r...pr...p..co...+}......}......}.......}.......}.......}....*..{....*2.{....o....*v.(.......#...s....r#..po...+*.0..........sX......}......}......}.......}.......}.......}.......}.......}.......}.......}.......}......} ....(.......Y...s....rA..po...+*..0..........sZ......}!.....}".....}#

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaConfigLoggingShared.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24136
                                                                                                                                                                                                                        Entropy (8bit):6.620109774796418
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:7VMFi5PhxeODd8iY/0f0w4yZILnvBMyXtmP8IYiArevoAM+o/8E9VF0NyrvKk:hMFiLxeOpB09+CXtmPtYiRvoAMxkEsk
                                                                                                                                                                                                                        MD5:B1D1A14DB35C8F66FD49025A6CDA9779
                                                                                                                                                                                                                        SHA1:4CF60F821385D549D434AE30A7C31442BCC9A9B3
                                                                                                                                                                                                                        SHA-256:D9288D44FD5D36A88184FCD7A3912D1DF4A90D74736B61842814F9FBD4599EE0
                                                                                                                                                                                                                        SHA-512:B814EED39AFD61375A8BF4584A822286277E509EECEEBF5BE9D0B79D4471CC3DECF831531FED0CDC6128B8973EA2FDD8FAC641D693CFB8437BEA53E688E3009A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p............." ..0..,...........K... ...`....... ....................................`.................................0K..O....`..H............6..H(.......... J..8............................................ ............... ..H............text....+... ...,.................. ..`.rsrc...H....`......................@..@.reloc...............4..............@..B................dK......H........$...%...................I........................................(....*:.(......}....*J.(.....s....(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*J.(.....s....(8...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{ ...*"..} ...*..{!...*"..}!...*..{"...*"..}"...*..{#...*"..}#...*..{$...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaDalAttributes.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23112
                                                                                                                                                                                                                        Entropy (8bit):6.6290801577770155
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:yofCB8mnewxD669NyZKNMOdlwJMIYiArevFkLAM+o/8E9VF0Nyuy2:yxBrdxD669QAN1lwJdYiRvFkLAMxkEC
                                                                                                                                                                                                                        MD5:CD1A0C3E5FC7EB30DDB38636690AFFA5
                                                                                                                                                                                                                        SHA1:655D02A9C9F4CB40E5A6B5EC7E1A3E3F171F1341
                                                                                                                                                                                                                        SHA-256:8941ED9053AF28FF0EBF62E802C3CBAB5C2627882021E6C3E81A2B9E80DDA4C6
                                                                                                                                                                                                                        SHA-512:3F68C50951CE40AC7A9CBB5883D6F9A65A7EC3399EB8634CC33F316E7DF67104F2629AB8696FA949FE01DB3CC1D61A6702BCED4AD764EA8B33055B5A4B796771
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..(..........>G... ...`....... ..............................{Z....`..................................F..O....`..h............2..H(...........F..8............................................ ............... ..H............text...D'... ...(.................. ..`.rsrc...h....`.......*..............@..@.reloc...............0..............@..B................ G......H.......@$..@!...................E........................................(....*:.(......}....*..{....*"..}....*:.(......(....*:.(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{ ...*"..} ...*..{!...*"..}!...*..{"...*"..}"...*....0...........(.......(....*6..s....(....*..{#...*"..}#...*...0...........(.......(....*6..s....(....*..{$...*"..}$...*...0...........(.......(....*6..s....( ...*..{%...*"..}%...*..{&...*"..}&...*..(....*:.(......}'..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaDalExceptions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19016
                                                                                                                                                                                                                        Entropy (8bit):6.70433864438943
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:TDqXiZ67VwSCIYiArevACAM+o/8E9VF0Nyf6k:vqEeVwSPYiRvACAMxkE0k
                                                                                                                                                                                                                        MD5:5397523B69948122D63DA4998A5AB2B7
                                                                                                                                                                                                                        SHA1:F1DF3411489C1E5AFEB253813D0586391F9C2B69
                                                                                                                                                                                                                        SHA-256:6B1B29328E6B3111E3A19170EC04640EB9847EDD3AF809EE2152DA58E3E54D4B
                                                                                                                                                                                                                        SHA-512:2486FA6B8E7BF3263F0C72E6DEBFA461CCCA0088FDA182E6714A2D66EC1AB074A45EF06AC1C00032601801F0242C5569AA49296C3AAB8ACB40AFD4C4F078524B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...wO............" ..0.............&7... ...@....... ..............................&.....`..................................6..O....@..x............"..H(...`.......5..8............................................ ............... ..H............text...,.... ...................... ..`.rsrc...x....@......................@..@.reloc.......`....... ..............@..B.................7......H........!......................h5........................................(....*:.(......}....*..{....*..{....*..{....*..0..@.........r...p......%...(......o....}......o....o....}......o....}....*J.rS..p.(....(....*b.r...p..(....(....(....*"..(....*"..(....*&...(....*..{....*"..}....*"..(....*&...(....*R.(......(.....(....*..{....*>..(......}....*R.r...p.(......}....*J..r...p(...+(....*"..(....*"..(....*"..(....*"..(....*J.r;..p.(....(....*BSJB............v4.0.30319......l...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaDalRuntime.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):85064
                                                                                                                                                                                                                        Entropy (8bit):6.065367965905361
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:4JSXjN9IqXc0nEHrCGurNIWyXEIg93E0q7NOJxT:4EX/IqXcrbWyXEIN0qhO
                                                                                                                                                                                                                        MD5:58B0783B3AD069A889767F03C5834C01
                                                                                                                                                                                                                        SHA1:EEA66551EE8B68A7D9D72347619A8C27B1D0B87F
                                                                                                                                                                                                                        SHA-256:F9A847953D7209A28FBA6C08E0BBB3BE34EFDFC33370A82F8EC09329D41360F7
                                                                                                                                                                                                                        SHA-512:630FC5E57151F38234CC58F02D391F3D368BABFE2729AA4D1074CE32FE26C30274FE1DC933C47930509D0B98E2EED9EB8D773AE1FC48C9CFDB2382695B2C71CF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b#............" ..0.............B8... ...@....... ...................................`..................................7..O....@..L............$..H(...`.......7..8............................................ ............... ..H............text...P.... ...................... ..`.rsrc...L....@......................@..@.reloc.......`......."..............@..B................"8......H........n.......................6........................................($...*:.($.....}....*..{....*..{....*..{....*..{....*..{....*..{....*"..}....*.0..N........{..........(%....{........,..(&......('...-..........*((.....()...(*...s+...*...................0..)........{$........(,...t......|$.....(...+...3.*....0..)........{$........(....t......|$.....(...+...3.*..{....*..{....,..{...........s/...o.....,.........s/...o......}....*...0...........s0...}.....s1...}.....(1...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaDependencyInjection.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.730621775333225
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:aR/ekEhNdmnBIYiArev261/AM+o/8E9VF0NyHq:aR6hNdmnWYiRv1/AMxkE8
                                                                                                                                                                                                                        MD5:6BBA1AEA02A31E8A301D840FC6F1FECD
                                                                                                                                                                                                                        SHA1:955DD334D99A1EFBC28EF7A80BB6D9DE72DBD721
                                                                                                                                                                                                                        SHA-256:D918A204021DCB1B85168C8A3F1AC9C389242DE282EBA7630D6EAF72F8110A43
                                                                                                                                                                                                                        SHA-512:3E87C8D63F33830D32B081DE7E0546F358F15320E9F45DB86327E53A679CDA828B45E3E1E13A471DCDB24A1184012A61143EEBF1BC6CC9764CED28ED67FD8A26
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<:S..........." ..0..............2... ...@....... ..............................B.....`.................................f2..O....@..|...............H(...`......h1..8............................................ ............... ..H............text........ ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B.................2......H.......@".......................0........................................(....*:.(......}....*.~....*.......*.(.............`,...o....%(....*(....*.(.............`,!.o....%..........(..............*(....*....0..........(.........-.(............+...`,1.o....%..........(....%..........(..............*(.........,.(.........-$(....r...p.....(....o ...(!...s"...z(....*..0..........(.........-.(.........-.(#...........+...`,A.o....%..........(....%..........(....%..........($.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaEnv.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19528
                                                                                                                                                                                                                        Entropy (8bit):6.6642651332110745
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:3WiWoaUzPHF38Lvrd2SbIYiArevKAM+o/8E9VF0NyAca:QyHF3erd2SkYiRvKAMxkEk
                                                                                                                                                                                                                        MD5:D8FAAB044E2CB8B06F22FC8AE4BE4065
                                                                                                                                                                                                                        SHA1:521A25E4C645DD349BFBBE6B9AFCEA9304CE37F8
                                                                                                                                                                                                                        SHA-256:5ACFDD60C8357314978F89D692BB690E5FD0B624A6254C6E71306C8AE2BFA413
                                                                                                                                                                                                                        SHA-512:5F710A526EB3092E540F43DB5784851DDBD1D36C44A8F245206B57E38335B112F0C0F567385785AB475F40C2556C0CB0D4E37EB0906FB21D6CC40FE6882E111E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(i............" ..0.............^8... ...@....... ...............................9....`..................................8..O....@...............$..H(...`......,7..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................>8......H........".......................6........................................(....*:.(......}....*&(.......*....0..,............(..........(....-.(......s..........*.*.0..,............(..........(....-.(......s..........*.*2.s.........*..~....%-.&~..........s....%.....(...+*..~....%-.&~..........s....%.....(...+*..0..Z.......(....r...po......-.r...p(......(....-..(....*(....( ...,.(!.....(....-..(....+.....&...*.*........9..S.......0..=.......(....r#..po......-.r#..p(......(....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaEnvTestInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33864
                                                                                                                                                                                                                        Entropy (8bit):6.460514794086125
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:UL8HSJmf3W0byp5p8EPg9B2UWqXnhF+8m/2s1GTHKHNOC9u3GS+nS6dMy2YIYiAT:DSJXp5XIEuwrdMymYiRvaBAMxkErP
                                                                                                                                                                                                                        MD5:582EEF522E6D1B37A6D2FAE9490947E3
                                                                                                                                                                                                                        SHA1:9DF7C311D9486FF116A4E161972964A8D1F20B5C
                                                                                                                                                                                                                        SHA-256:2818D67EBED000DDED8D9813B1CAC2C491DCA8E9137856DD338538270A328CFC
                                                                                                                                                                                                                        SHA-512:0F73412F8141E0E361D1745A5B38BE11FEDDB235059F9035069C6D0DBC0FFB04AAC954032AA45BCE00A4A082565AE94E319A4B8530B0942DF29911692D2C1FDB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..R..........Vq... ........... ....................................`..................................q..O.......<............\..H(...........p..8............................................ ............... ..H............text...\Q... ...R.................. ..`.rsrc...<............T..............@..@.reloc...............Z..............@..B................8q......H.......p,...C...................o........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..*............(.....(.....(............&....&.....*.......................#......R.........o....(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..$.......r...p..(....,N.(....o....,;r...p.(....~R...%-.&~Q.....x...s....%.R...(...+(...+("...+.~#....($...r...p......%..(....%-.&r...p.%..(....%-.&r...p.%..(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaEventLog.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):44104
                                                                                                                                                                                                                        Entropy (8bit):6.2478281607014035
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:OtVHOO8nDSkmvkr6IHMbaqCDJk9yE0Gxod9HqYiRvpAMxkEO:OVHO3nDpmvkr6eMuqCD20q2K7NxxS
                                                                                                                                                                                                                        MD5:1191ECC3213A828BCE0898121D97DE05
                                                                                                                                                                                                                        SHA1:891C9E9A32DBA1E1175FF808C72CF5065943B240
                                                                                                                                                                                                                        SHA-256:B7C5D55336F16060018E87E1D4E6DC6C0D9483CF1E0CEE29A7A07F8A6FC714C8
                                                                                                                                                                                                                        SHA-512:C5B87190B9A0FF8D05987693FFE99AD848E0DE3EF0D4C997A91CF37F6F389D82247DA6025CD2334B8350DDE9ED32FC260CCA789F0E44D1BB076501BAE139F752
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..z..........f.... ........... ..............................Y.....`.....................................O....... ...............H(..........4...8............................................ ............... ..H............text...lx... ...z.................. ..`.rsrc... ............|..............@..@.reloc..............................@..B................H.......H........?...V............................................................(....*:.(......}....*..{....*..{....*..{....*..{....*..{....*"..}....*>....(....(....*..(......}......(....(....}......}.......}......(....*..{....*..{....*..(......}......}.....(....(....*..{....*"..}....*..{....*"..}....*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*Z.......J...s ...(....*..s....}.....(......sb.....s....(!...(....*..s..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaFeature.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46664
                                                                                                                                                                                                                        Entropy (8bit):6.5350647996431235
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:QPoVeBvr+SmBb/Acos2BiosUp+pqF049FaEmtK4ollWVV6brYiRvVAMxkEQV:QPtBjGBFo1ifUpuxFEmtK4Da/7NtxQ
                                                                                                                                                                                                                        MD5:149A58B07659288CF5AF12F281DC81D4
                                                                                                                                                                                                                        SHA1:32687CC91DFCE5FEB52AA33AC332BACFD057631F
                                                                                                                                                                                                                        SHA-256:DF17B2AE275E17F019D7B90243D7435254EDECD2BD557CFF7B083D14FBE78C66
                                                                                                                                                                                                                        SHA-512:20C5B545AA4FA44EC63478631BFB7AB127E7479FD22F8BA4F24B0D881B255A5B93BBE4614B1E890BB96CF2429520AC1FF2845E45B7F459385A9EECA0D9C4C3E3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#............." ..0................. ........... ....................................`.....................................O.......................H(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........#..4...................8.........................................(....*:.(......}....*..0..x........s ...}+....(!....-.r...ps"...z..%-.&r...ps"...z},....o#....+%.o$.....{+...s....%.}....%.}....o%....o&...-....,..o'....*......<.1m.......0..[.........}-....{+...o(....+1.o)......(....&r1..p..|..........o*....{....(...+.o&...-....,..o'....*.........=P.......0.............{+...o(....+^.o)......(....,Nr...p..!...%..{-....%..|..........o*....%..{........0....%..{.....0....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaFiltering.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):90184
                                                                                                                                                                                                                        Entropy (8bit):6.084166737032788
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:9Dadd5kDSFlhAVzdhlOlKaMFm4Q/Z9uyLsd+Bl8KA7NSx7:9Wd5rlAdyljMFm7Z/LJ2KAhu
                                                                                                                                                                                                                        MD5:B1F724EAA9FB62AED58C3B880A14ADE9
                                                                                                                                                                                                                        SHA1:C835ACEA985B3D327643944823BF4009E525C34D
                                                                                                                                                                                                                        SHA-256:E3ABF02ADC098050D9943B6D30CBFAD623277EC659C546F0FD9E1D0B3DDA2AEA
                                                                                                                                                                                                                        SHA-512:37A26BD092D1C42FB2C3708ACEDE214259082907FEC7712F3EDE24CCC63BDEAA28A56A47504A7FFFACD6476516918CE008E0F562C5C06D976F5E4AD513AF64C4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....B............" ..0..............L... ...`....... ..............................VV....`.................................oL..O....`...............8..H(...........K..8............................................ ............... ..H............text....,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B.................L......H................................K........................................(&...*:.(&.....}....*..0...........('...%-.&...~.......o(...,..*..]...()...(*...,!~....%-.&.......s+...%......8......_...()...(*...,.~....%-.&.......s+...%......+h..K...()...(*...,.~....%-.&.......s+...%......+8.o,...,.r...p.(.....+".o-...,.r...p.(.....+.rC..p.(.....~......o.....*..0..I............()..........%......()....(/.........%...o0.........()....(1...t....*R.,..~2......o3...*.*...0..o........,..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaFilteringSdkSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32840
                                                                                                                                                                                                                        Entropy (8bit):6.445876841303233
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:QNGY5w48s0kMFMCzriCq+tmc4YiRvEAMxkEdmk:QNGY/IV/Jq7v7NCxhmk
                                                                                                                                                                                                                        MD5:E6BD383D8F37F7BAD546C2085B3C9AA5
                                                                                                                                                                                                                        SHA1:CB006E702662896EF79469B6C46DEF1C31D08D59
                                                                                                                                                                                                                        SHA-256:2E01EB7B10F45DCD0C18E7E0D096B4961855AFD31B41098D1AFF28E5566926AF
                                                                                                                                                                                                                        SHA-512:7C9734CD48BE406BECD7F8F9316524FA4FED5806D6744A987114EBE9373ED87B41D11779E49D61B01BE87AA84343E4A558A75B56980FF5A58D3403A9E9624ED6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...E5............" ..0..N...........l... ........... ....................................`..................................l..O.......H............X..H(...........k..8............................................ ............... ..H............text....L... ...N.................. ..`.rsrc...H............P..............@..@.reloc...............V..............@..B.................l......H........2..(8...................k........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..s....}.....(.....s....(.....s....(.....s....(....*"..}....*..0..........(....r...p.(...+.(...+..,..o....,..o....+.~.....(.....r+..p.(...+.o....,<..o....s ...}.....).(....rG..p.o.....o!...o"....o#...(...+...(....o%...-..o.....o&........+I.........o'...,.....(...+,......o(...o........(....r ..p....(...+.....X.......i2.s*.....o&.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaIdentity.Interfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64072
                                                                                                                                                                                                                        Entropy (8bit):6.222710989719858
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:WCYkwe/8yiJi47MqTop3zSOy47iBcEwXB+/+tOY1DwkEdmRZYiRvoAMxkEtX:Ww8yWFop3e9WB+/21DwkJ/7N2xpX
                                                                                                                                                                                                                        MD5:C260D1CBD831A63F01FCA39DFC942D98
                                                                                                                                                                                                                        SHA1:9EE417FCA467653A831FEF3DBE2DB59CAD349689
                                                                                                                                                                                                                        SHA-256:BA4EF998647C2E31E3037021C519B02D02E6193D7341B694A1CC07FCCC93A64D
                                                                                                                                                                                                                        SHA-512:80F204EB26D95628E32C4B9B426D43B14CFA5194D9F191433FACEA06270CE21DFD2AED31AA88EDBE2D4016B52C0B955AF02D5FD1A356FF710C46DF3B2885B041
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............^.... ........... .......................@.......L....`.....................................O.......H...............H(... ..........8............................................ ............... ..H............text...d.... ...................... ..`.rsrc...H...........................@..@.reloc....... ......................@..B................@.......H.......`D..8.............................................................(....*:.(......}....*..0............ ......(......r...p(.......{....(...+..r+..p(......r/..p(.......{....(......r+..p(......rU..p(.......{....(......r+..p(......r...p(.......{....(......r+..p(......r...p(.......{....(...+..r+..p(......r...p(.......{....(...+..r+..p(......r...p(.......{....(...+..r+..p(......r...p(.......{....(......r+..p(......r?..p(.......{....(......r+..p(......r]..p(.......{....(....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaIdentity.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):58440
                                                                                                                                                                                                                        Entropy (8bit):5.969902794644807
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:fHrFqyjJRVe/41jvcqklrB0BHRoZW7Nzx6X:fDmgjvcqklrBIRoZWhwX
                                                                                                                                                                                                                        MD5:BB38988CD926C29C5479558C837091D5
                                                                                                                                                                                                                        SHA1:1D39D955816313C5CC0AF5CCBA95AC2052337617
                                                                                                                                                                                                                        SHA-256:7DF990E9062B95C507175522D6E7A557661BEF19F6DE6CF1185E94925987EE55
                                                                                                                                                                                                                        SHA-512:0BBF9A09427BB7DBD1D86CEFBE9B5E2F1AD0CDBE6C1B5B4806C9844514B4BAF8F7F30BB1DA5D3E90DAB01E401FBF520EA1658C6D69C1B0FE27B1A7165AA2BAEC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1.8..........." ..0.................. ........... ....................... ......(!....`.................................k...O.......................H(..............8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........C..x.............................................................(....*^.(.......H...%...}....*:.(......}....*:.(......}....*:.(......}....*6.......(....*..0...........(......}......}......}.......}....(......(....r...p.o.....o....(......L...%....o....}.......%-.&(....}....(...+.#.......@(...........s ..........s!...(".....(...+.......s$..........s%...(...+.o'...}....*.0......................((...&.o...+....o*...o+...o,......o-......{....(....,..{....+..{........r...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Interface.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25672
                                                                                                                                                                                                                        Entropy (8bit):6.422624653592916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:CRBfi7LLOn+Hpo5/Q0rIp1AmjIYiArevJrVAM+o/8E9VF0Nyau:6uvJsmp1AmMYiRvjAMxkEp
                                                                                                                                                                                                                        MD5:8E727B31530C7BAD52DB8FDDD1F3946D
                                                                                                                                                                                                                        SHA1:E9DD7E2601A9D498064C004E3FEF9C0717EDEB3B
                                                                                                                                                                                                                        SHA-256:CF9AB503533026144C95915CCCCF50C0B8987666A18E77909EEFD5EEA3793FB8
                                                                                                                                                                                                                        SHA-512:4720E59EDB3F981BE4BA646B315F6CC67CB5145D2CA506FA0C49D8206852592D4B5F823C4BF55428A6F8F9AA4AC90794A391F4F90E66555FA95185E509A53D09
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u............." ..0..2...........P... ...`....... ..............................z.....`..................................P..O....`...............<..H(...........O..8............................................ ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H........"..0,...................O........................................(....*:.(......}....*..(......}.....~....(......}....*..{....*"..}....*..{....*2.(....(....*2.~....(....*.(....r...p.{....o.....(.........(....*...0...........,..(....-.*.r+..p.{....o ...o!...ru..p.{....o"........o#...r...p.{....o$........o#...r...p.{....o%...o!...rC..p.{....o&...o!...r{..p.{....o'....7...o#...r...p.{....o(...o!...r...p.{....o)...o!...&.(....~....(*...,$.rC..p.(.......r...p(....(+...o!.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.Models.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27720
                                                                                                                                                                                                                        Entropy (8bit):6.4938387182486546
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:7uYJy1XngrnyRy0N7fYYiRvVHAMxkEGPH:7uuicFoA7NVnxm
                                                                                                                                                                                                                        MD5:F5DD43EC3FFDD71EFFDCD358A64E44F2
                                                                                                                                                                                                                        SHA1:FBC6CCF4464441D5B64A6A9CDC92F55B4CBFF439
                                                                                                                                                                                                                        SHA-256:F8FA75088D11DD83530159FEB0D4C6D2807F6E3E73CADD44CCC0AE87AA6FE816
                                                                                                                                                                                                                        SHA-512:27B1C567B81F88CC2E860525D25BDB3DD9354188383835F31DC9012BACC49F4268BFCA78D2DF395214F94424C0DFF88E3D7360CB2E9112BFF032D204CE772FE0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G]............" ..0..:..........NY... ...`....... ..............................o2....`..................................X..O....`..l............D..H(...........W..8............................................ ............... ..H............text...T9... ...:.................. ..`.rsrc...l....`.......<..............@..@.reloc...............B..............@..B.................Y......H.......T(.../..................dW........................................(....*:.(......}....*..(......}......}......}.......}....*..{....*..{....*..{....*..{....*.0..D.......(....r...p......%..(.....%..(.....%..(....."....%..(....."....(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..D.......(....r...p......%..(.....%..(..........%..(.....%..(..........(....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaInterServiceManager.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):97352
                                                                                                                                                                                                                        Entropy (8bit):5.808710805690186
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:8fRCTFhmImWkoB7ZwLiOGeqdSDg6Q7XrF7P6dPVZdo7Npxe9U:W4mImWkK7Zw1oWg6GrF76BdohGG
                                                                                                                                                                                                                        MD5:2DD4015DF76436C39193BCF199B235B5
                                                                                                                                                                                                                        SHA1:D072F499A69C158153B055225BC51A6EEB5834F0
                                                                                                                                                                                                                        SHA-256:0375F0BC6AF4A70784A6FA3A659360760DD1C5C9282565C3BCE555A9980BBFF4
                                                                                                                                                                                                                        SHA-512:C7A55D505627926E098CE13129E212E8FA28FE09B82AB625D8CD42EA26D3774D0F45C2EC1DB991452225EAF4546FE431414BBBC5042E27EB88A813269D5004E5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..J...........i... ........... ..............................%.....`.................................\i..O.......H............T..H(..........\h..8............................................ ............... ..H............text....I... ...J.................. ..`.rsrc...H............L..............@..@.reloc...............R..............@..B.................i......H.......L}.......................g........................................(....*:.(......}....*..0...........{....r...p(.....{..........(.....(%...-..{....rI..p(.....F...,..(.......()....1..{....r...p.(...+....{....-..{....+..{....(.....*...(......$=........H..P..,.......Td.......0.............{....,.*.{....r-..p(.....{..........(.....{....r...p(.......{....-1.|....(....-..()....(..{....r2..p.(...+..j}.........,..(......{....r...p(....*......F..[..,.....$.Uy......&(.......*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaLogging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):126536
                                                                                                                                                                                                                        Entropy (8bit):6.157244812120886
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:p+T0ALDroBX1thLGeopppS555KiTTTnjo/ApuOhSIrXhp0:p+WlthLGeopppS555KiTTTn5bBVG
                                                                                                                                                                                                                        MD5:DD5B712CCC880DD1C0B5CFDA72517BC0
                                                                                                                                                                                                                        SHA1:187129207C0BC10B84D39306A284B509798FBF49
                                                                                                                                                                                                                        SHA-256:DA7AF58ECC243F7195991A27C0D79C9C5876E189A5B08531E65E681548C580F4
                                                                                                                                                                                                                        SHA-512:39E4E39F8B4405EDE896F5FCE90189C0B6FC6BF6E45DC348E4F1FE66D787E8C15677FC936054A508E6AA9AD8C8DE49F006F70F30EADA5128A0AF9EF45A658014
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........." ..0.............f.... ........... ....................... ......n.....`.....................................O.......,...............H(..........4...8............................................ ............... ..H............text...x.... ...................... ..`.rsrc...,...........................@..@.reloc..............................@..B................F.......H...........(5...........................................................(2...*..(,...*^.(,......}...%...}....*:.(,.....}....*:.(,.....}....*...}.....~C...o-...}.....{......(....o....&..}......}....*..0..D.........}.....~C...o-...}.....{......(....o....&..}......,..(....+..}....*..o/....~...(0...(1...,.......(0...o2......*.*2.{....o3...*..{....o3....{....,.~C....{....o4...*:..}.....{....*F ........ZX(5...*:.{.....o6...&*..{....,..{.......(...+o6...&*.,..{.....o6...&*..0..4...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaPlugin.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32328
                                                                                                                                                                                                                        Entropy (8bit):6.330535625950623
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:uPyacuZU6IYE1+bH2UUO1KY1lXO6YiRvWAMxkEr:mppEzHUUO1KYHX7Nkxf
                                                                                                                                                                                                                        MD5:E6C2936A2A673F8146BF75B219881E90
                                                                                                                                                                                                                        SHA1:FE7D737EF47905290FF4893A3BC1F3CDFBE5EDD0
                                                                                                                                                                                                                        SHA-256:C446A825496E93B4523B27D2F289EC7157B2214C174F7B63AD675409ABFDF7ED
                                                                                                                                                                                                                        SHA-512:CF5DE5D4DA0870533851D2929DD96B358E9B02B04072F2E7C6840FCE9843C58C5B54A3EE1CB3A7363C377D29243B8D24CDECA84E8FC76C3742C73B2EDC93BFF6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$............" ..0..L..........Fk... ........... ...................................`..................................j..O....................V..H(...........j..8............................................ ............... ..H............text...LK... ...L.................. ..`.rsrc................N..............@..@.reloc...............T..............@..B................(k......H............;...................i........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..(....*...0..%.......s.......}............s....(...+(...+*....0..:........(...+...(...+.......,..*......,.r...p........o ...(...+.*...0..q.......s"......}#....{#...($...-=r...p.{#...(...+....%...s....(...+(...+.......,.r...p.(...+.*rJ..p.{#...(...+.........*....0..........s'......}(.....}).....}*.....}+.....s,...Q(-........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaProductInfo.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24136
                                                                                                                                                                                                                        Entropy (8bit):6.611343552293238
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:G+g5d8ohVjHYOM/2p19O6oIYiArevboGAM+o/8E9VF0Nywpt:GB8aRM619O6xYiRvbRAMxkE+
                                                                                                                                                                                                                        MD5:5714DB005FC572BBAF8E69A43397FD9C
                                                                                                                                                                                                                        SHA1:A6C23E583AF74D6444BBA501BEA87F175452AB40
                                                                                                                                                                                                                        SHA-256:22EB236D58FB486876A651A82FF1496D34CE3B4F4138AA9457792A56533F659E
                                                                                                                                                                                                                        SHA-512:B671C3110CD1DEEEBAC0570E1F9647E834C6DB61E4988EBB8CB36F3F552D594F189D6CA49301445E93DC13312177B4A146E4847F5E2960770FB8799F40553612
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....p..........." ..0..,...........J... ...`....... ...............................i....`.................................fJ..O....`...............6..H(..........xI..8............................................ ............... ..H............text... +... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B.................J......H........&..T"...................H........................................(....*:.(......}....*..0................%.s.......o.....r...po......o........s....o...........%.f...(....o......o...........%...%...o......o......%.s.......o.....rS..po......o........s....o...........%.e...(....o.......o...........%...%...o......o......%.s.......o.....r...po......o........s....o...........%....%....o.......o...........%...%...o......o......%.s.......o.....r...po......o........s....o....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaRegistry.Interface.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19016
                                                                                                                                                                                                                        Entropy (8bit):6.652626459891046
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:hAmFTsL2rPBIrKh9tMo8djpOIYiArevvAM+o/8E9VF0NyoY3e:hASsL2tcKhjd8djpDYiRvvAMxkEde
                                                                                                                                                                                                                        MD5:BA00F684E741646E75D1FACCBCE197AD
                                                                                                                                                                                                                        SHA1:4B05734DA88CF3B0450FDCC3D78663B8E00635B9
                                                                                                                                                                                                                        SHA-256:DA1938CAF57AC4D2910C66E2E05E859B4A1359F4F87AD4B748A33F003C5F231D
                                                                                                                                                                                                                        SHA-512:359C79BA969B2061C964A6FCF3174CC80E1FEF6D3E6687EE9095F134A551DC11CE53959B4F68DBD966FF9711C7B3612A0D77AEADD2EA956966851C1066684F44
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."LE..........." ..0.............v6... ...@....... ...............................^....`.................................$6..O....@..p............"..H(...`......(5..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`....... ..............@..B................X6......H.......h ..@....................4........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~..P...$...#Strings....t.......#US.x.......#GUID...........#Blob...........W..........3..................../...D...................................................4.t.....t.....B.........'.................T.....m.............U.........r.............t...W...........>.J.....t.........G...........i...........I.............O...............%.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaRegistry.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):38472
                                                                                                                                                                                                                        Entropy (8bit):6.180595281775346
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:/xaWLgViuKnVMz2hiel7D7IthjWKkqPwzlGgbzg699S2YiRv/yb6AMxkEpj:+SD7CAKkqwzlMwb7N6b4x9j
                                                                                                                                                                                                                        MD5:862FD6770AA9A59A7409F753577CC716
                                                                                                                                                                                                                        SHA1:B7B4EE22538F0809D69FFBA52F8BEB17AC2E1CF0
                                                                                                                                                                                                                        SHA-256:6B4058A1636489EEA54E661458CF82416FDB3F07CB4EF115C51A8632D4A451D3
                                                                                                                                                                                                                        SHA-512:7FD02D047DE1511A77EF8E22A23FEBE9C8F378D244338225051EFF220359F6DD6D489C9F24B9F2186DB55BBD6007C005E4FAE4CEC5FD4E859ACB7706AD1FA010
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%o..........." ..0..d..........F.... ........... ...................................`....................................O....... ............n..H(..............8............................................ ............... ..H............text...Lc... ...d.................. ..`.rsrc... ............f..............@..@.reloc...............l..............@..B................(.......H........=...C............................................................(....*:.(......}....*.~....*.......*...0..........(....,.*s......o......(....%-.&~.....o......-..~.(.......0..qr...p.(...+(.......(....(....(......(........(.....l7..9.(.......0..,(....,....,..o .....,..o .....,..o ....(!...*..(....+.`................................0..#........r...p..A...o".....uA...-..*..A...*..0..+........r...p .....A...o".....uA...-. ....*..A...*"..(#...*n.{....-...s&...}.....{....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSchemaProbeDal.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64072
                                                                                                                                                                                                                        Entropy (8bit):6.221218975221146
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:dZDHkhlw9Wic4hPEUskzJmskhA9qCkZo3oCSr3GFpPpq7NEx+:jD4w9WiXh8tW9qCkZo3oCSrWPPpqhp
                                                                                                                                                                                                                        MD5:F8A1A28417BAF4CAE08CD9BAD458C908
                                                                                                                                                                                                                        SHA1:32103D26B7E2664FE4E3ACD6C4B9A96E41AEE706
                                                                                                                                                                                                                        SHA-256:8AD5FC647008E1E8E6F95CB6ACBEBA81963AEFC735CEE58699C32F968CB0A0CB
                                                                                                                                                                                                                        SHA-512:4F03F7074D1B3EF718E44D0C560867CB1146E6BC1C447E9E4ABB4BEC8629E30E1613EC2F6FC91416BFE2DBF7E266D1271B9EDEF8250A7E5C27040420CF6D10C0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... ..........." ..0.............n.... ........... .......................@............`.....................................O.......$...............H(... ...... ...8............................................ ............... ..H............text...t.... ...................... ..`.rsrc...$...........................@..@.reloc....... ......................@..B................N.......H.......,N..|.............................................................(....*:.(......}....*..{....*..{....*"..}....*..{....*..{....*"..}....**.(.......*.0..a........(.......%-.&(....}.....-..(....r...p(....~........}.....o....(....,..ru..po..........( ...(....*b.(......(....%-.&*o!...*:.(......("...*:.(......(#...*b.(....r...p.($....(#...*....0....................s%........*2......(....*...0..........s~......}7.....}6....r...p(...+(.....(....r...p........s'......."....o(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSchemaTools.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):52808
                                                                                                                                                                                                                        Entropy (8bit):6.1943038226185285
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:2PdBPevPuN7TCbsxEusIY5UtJ9BWAoyg73JlIx6VCdO9/YiRvERAMxkEcX:sQPSxBOaJfm5Cx6VH97Nox8
                                                                                                                                                                                                                        MD5:56DB5E189BA77A324FE74FD22D355307
                                                                                                                                                                                                                        SHA1:7C421BE46C9E20D56CC85414F63EDF2A401E2881
                                                                                                                                                                                                                        SHA-256:2E1F4AD77BCF4CDCCD6BE4F46D2B3034FFE677181D1516793BB1711CA741EC35
                                                                                                                                                                                                                        SHA-512:188E28B1CF95874DB1641D62AE9FAC210DB7CF5D2DBD21A9C078C51D0EBB43F0611EBE7F498DF79C8B9A1A468FF8577BBDC0F403B277A3EAA5B50EEA60EC7D26
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............b.... ........... ..............................r.....`.....................................O.......................H(..........(...8............................................ ............... ..H............text...h.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................D.......H........W...`............................................................(....*:.(......}....*..{....*"..}....*F.{....%-.&.(....*"..}....*..{....*"..}....*..{....*"..}....*..{....(....,.(....r...p.(....(...+(....*.{....*"..}....*..{....(....,.(....ro..p.(....(...+(....*.{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*....0..........sk......}+....o......o......,..-.r:..ps....z.{+...(....-m.r\

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSecretEncryption.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):29768
                                                                                                                                                                                                                        Entropy (8bit):6.37750248831295
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:gUi05OYNBvSgfk/FKuJd1fpfowFu7gfBaMdVmEIYiArevHAM+o/8E9VF0NygYm:gJ05x36gfk9boDNMdVm1YiRvHAMxkEM
                                                                                                                                                                                                                        MD5:4F1469126E382FDD44AA617C7DA798C3
                                                                                                                                                                                                                        SHA1:A4622FDC81CC8AD5C1E7F9C48A9F8B130D2B20F8
                                                                                                                                                                                                                        SHA-256:B80E17056E8981B44282C5AD005E4A3378B8703A74F69BB349281171A759C988
                                                                                                                                                                                                                        SHA-512:A7B642ACBD1BB04C3544326856C3D302E13620932B4DF4C1CDB8AF1D5BD2DECC0F3DA2A46CAD9BB867976C69FCDF084D8CE79CD41EFE318E178D5EC61AFB9D74
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..B..........f`... ........... ....................................`..................................`..O.......0............L..H(..........._..8............................................ ............... ..H............text...l@... ...B.................. ..`.rsrc...0............D..............@..@.reloc...............J..............@..B................G`......H.......`1..0-...................^........................................(....*:.(......}....*..0..........~..........(.....t......oH....r...p......%..oJ....<[.+....%.r...p~....~....%-.&~......O...s....%.....(...+(.....o8...~....o....~....o.............,..(.........u....%-.&+.(H...%-.&+.r...p......%...o9.....*.............................0..........~..........(....~.....~.......o....-..j+...jXo....~....-m.(....,e( ....~....%-.&.......s!...%.....sL...%.(....oI...%.(....oK....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSecretEncryptionManager.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23112
                                                                                                                                                                                                                        Entropy (8bit):6.551203835248294
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Eqrc54I/cUBWAKZWa5obsuKnbFq1FIYiArev34AM+o/8E9VF0Nywi:EVcUByqbsjbFq1yYiRvoAMxkEp
                                                                                                                                                                                                                        MD5:970425F98C3B429A020731BBE7CAB472
                                                                                                                                                                                                                        SHA1:67927C1AA4CA6C0278AD49B33D2B4CA99B7D8288
                                                                                                                                                                                                                        SHA-256:C46DE218BAF53D7F148D651561F137F38768FF34487C73E138F57BF9653077ED
                                                                                                                                                                                                                        SHA-512:6797EDC5DD5255C9DD870A2AFDC8F2E407A2D3140060282C7C145B60A0E698F988FB8B9A662439D2F15C59898D2A38DE14C73AB9B064FF20ADD2AC6BA3617451
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A.R..........." ..0..(...........F... ...`....... ...............................s....`..................................E..O....`..`............2..H(...........D..8............................................ ............... ..H............text....&... ...(.................. ..`.rsrc...`....`.......*..............@..@.reloc...............0..............@..B.................E......H.......X(.......................D........................................(....*:.(......}....*..0............s.....s......{........8............o....%-.&.+.(...+%-.&s...........o......o......8......(.........o....-v....o........,Y.{........o....o.......o.....;...{....r...p......%.........%...o.....o ....{......o!.........,...o"......(#...:k.............o".....!...{....ru..p......%....o ..........X......i?.....o......8....s..........(....}.............s$...(...+(...+....(...+

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.DelegatedAdmin.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):68680
                                                                                                                                                                                                                        Entropy (8bit):6.050958308446742
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:llk6Z+F+rR0eaOc6KFCo4ZkSLRq2mJMavjxRFwd1YTvyBSi46sKVHfClRX9ULbEG:vg+WoYj1wd1YTvyBSi46sKVHfClRX9Ul
                                                                                                                                                                                                                        MD5:12DB53F8356059D259F908C9C3387628
                                                                                                                                                                                                                        SHA1:CDDF76E827AE5E54D0407BB99499D1121AC6A53A
                                                                                                                                                                                                                        SHA-256:C10FD6CB76B889E967C559D3A43F7D9EB73638B13B176B0867D1D047AB2A358A
                                                                                                                                                                                                                        SHA-512:C20AC5452A15B18933B820913D6FACDC3D22E1FA02AE9E52CB40A08326C6B2B0CADC895C888595909E1CB5279AC8C86BF141DF4D02FB5298E5183F1B592E7A5D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Y..........." ..0.................. ........... .......................@......R.....`.....................................O.......x...............H(... ..........8............................................ ............... ..H............text... .... ...................... ..`.rsrc...x...........................@..@.reloc....... ......................@..B........................H.......4X......................<.........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*6.{.....o....*~.(......r...pr...p..o...+}....*..{....~....%-.&~-.........s....%.....r'..po...+*....0..H.......s.......}R.....}S......}T.....}Q....{...........s....rE..po...+..{Q...R*.0..X.......s.......}W......}X......}Y.....}U.....}V....{...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Features.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):65608
                                                                                                                                                                                                                        Entropy (8bit):6.2422235863652675
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:0Wd5Ayl2xvOrgPOPT6HKs8PNnksz/247N7xDh:0Wd5X2xvpPOPGHKs8P1ksD24hb
                                                                                                                                                                                                                        MD5:9BE06E6CF9466334F25C56E4A77867A0
                                                                                                                                                                                                                        SHA1:1296C72EE1F6821CD2B520D8E802CE8A48CE6490
                                                                                                                                                                                                                        SHA-256:3587662C1F81C700D440105908072E1A6F154826AE103833A33A4EE666498756
                                                                                                                                                                                                                        SHA-512:EAAE60AD1B15B0C9B5D0DE9452A0E4A1D6DE7FB3D2D73385C4B32A6B14E39BC76010602E2DE2CF3E57657434953AB9A1CC4843F56AD7B87747E53BBBF62B1FBC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J............." ..0.................. ........... .......................@.......@....`.................................l...O.......T...............H(... ......l...8............................................ ............... ..H............text........ ...................... ..`.rsrc...T...........................@..@.reloc....... ......................@..B........................H........>...............................................................( ...*:.( .....}....*6.{.....o!...*~.(".....r...pr...p..o...+}....*....0..*.......s.......}o....{...........s$...r+..po...+*...0..*.......s.......}p....{...........s$...rM..po...+*..{....~h...%-.&~g.........s&...%.h...ro..po...+*..0..H.......s.......}q.....}r.....}s......}t......}u....{...........s&...r...po...+*..{....~i...%-.&~g.........s&...%.i...r...po...+*....0..........s.......}v.....}w.....}x....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Ism.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26184
                                                                                                                                                                                                                        Entropy (8bit):6.556201717547561
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:vs5MBuitFx78PeM8e5khdMmNIYiArevcAM+o/8E9VF0Ny7vtB:vTBuiePeM8vhdMmaYiRvcAMxkEZ
                                                                                                                                                                                                                        MD5:BD12BF6CD613DD68D2614BBC35F07BEA
                                                                                                                                                                                                                        SHA1:2C634E7C441702FE61BB849B3D910978F79EE6A0
                                                                                                                                                                                                                        SHA-256:798721869D5F1FCCCAF85CFCE733B44C06F8A2129CD0CEBE86C373C7BB1CC8DD
                                                                                                                                                                                                                        SHA-512:9A704747ACF0F3D1FF2B080A3A4E997F12A8A17CBA8FC15E63A8F7ED3B2363E3CA85EFF1F6CE1ACE46A8470CEE366A9229074E53EF32A416BFC9231780D394C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....)............" ..0..4..........jS... ...`....... ....................................`..................................S..O....`..<............>..H(.......... R..8............................................ ............... ..H............text...p3... ...4.................. ..`.rsrc...<....`.......6..............@..@.reloc...............<..............@..B................JS......H.......0(..p)...................Q........................................(....*:.(......}....*..0..E.......(....o......r...p.(...+..(.......(.......o.............o.......s....*....0..E.........(....o.....(....o....(....o ...(....o!...(....o"...(....o#...(....*....0..........(....o$......(....o$......+...(%...-.(&.....s'...+.(&....(....o(...s'.....,W..3S.ri..p()......(*...o+...(*...o,......l(-.....l(-.....l(-.....l(-.....l(-...s.....+5.r...p().........l(-.....l(-.....l(-.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.KeySharing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24648
                                                                                                                                                                                                                        Entropy (8bit):6.531880912926373
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:nibUmdIdYdgPGME7kQSFXid5xj7kNtOJIYiArevFAM+o/8E9VF0Ny1nZdL:nibUzdYd6E7KAkNtOeYiRvFAMxkET3L
                                                                                                                                                                                                                        MD5:0E05B422E6043E7772FDEBEEE37BA15C
                                                                                                                                                                                                                        SHA1:158F966B90931D1FC393F803008E4D62D848C251
                                                                                                                                                                                                                        SHA-256:A6611100C9B29D80A39E7A130455B139C00FBDD564F0921136C71F126DB52B87
                                                                                                                                                                                                                        SHA-512:DD66B16340833F802C9DA43F13BEAB4A16F73DD6A5B8FC4DD4D850959E05315BF9359506DC72507F5E7854EE1E37BCDD3F72D7E55A6FEF4F4CF715E8DCA31D3D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../............." ..0.............FL... ...`....... ....................................`..................................K..O....`..`............8..H(...........J..8............................................ ............... ..H............text...L,... ...................... ..`.rsrc...`....`.......0..............@..@.reloc...............6..............@..B................(L......H.......X'...#..................pJ........................................(....*:.(......}....*b.(......r...p(....}....*~.(......r...p(....}......}....*.0..7.......~..........(.....{....%-.&.s....%.}.........,..(......*.........#+.......0..H........(......(....r...p.o....o.....{....(....o...+%-.&.+.( ...(...+%-.&(...+*.0..K........(......(....r...p.o....o.....{....(....o...+..,...o#...s$.....*rW..ps%...z..0..@........(.....s&...%..o'.....(....r...p.o....o.....{....(.......o..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Logging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.7847012484486715
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:iPGIW+FQaql4KeIYiArevSXAM+o/8E9VF0NyANk:i+IOaql4KzYiRvSXAMxkEd
                                                                                                                                                                                                                        MD5:FE6E53ADFBB1167C23FE8E5B5741549C
                                                                                                                                                                                                                        SHA1:C26DC661E4129C2AB1DF110118EEDC9717CF5F79
                                                                                                                                                                                                                        SHA-256:B96D7461440064D511D67A80453D64D109748EC7AFF3D3AA597EB467539ABC92
                                                                                                                                                                                                                        SHA-512:94B6A33B1B5944065160E876C603549AD5F4BEE7BED2B37FF9210128C9837D375A9B11E6F1D6BC549AF36D4F08EA9E2BB7452199A0FAF1606ED33A63A4B625F3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]............" ..0.................. ...@....... ....................................`.................................F...O....@..T...............H(...`......H-..8............................................ ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B................z.......H........ ..8....................,........................................(....*:.(......}....*b.(.....(....s....o....&*..(....*..(....*BSJB............v4.0.30319......l...4...#~......\...#Strings............#US.........#GUID.......(...#Blob...........W..........3..............................................+...............`...................W...v.W...G.W.....W.....W...j...........1.H.....W...1.W...........W...W.W.........7.....t.H...I.H...R.H.................~.....~.....~.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceControl.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23624
                                                                                                                                                                                                                        Entropy (8bit):6.5628942980512
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:oHDYapklnzNnYT8FpzwIYiArevi9OAM+o/8E9VF0Nyrt+rH:obc6T8FpzZYiRvi9OAMxkEbqH
                                                                                                                                                                                                                        MD5:B4188A224BDC284D950263C5E5D3F9BE
                                                                                                                                                                                                                        SHA1:3D6EC82C1A14545F9D31E190469CED637D7C745B
                                                                                                                                                                                                                        SHA-256:B6744EF3CA846B3FE4F382D6110E03A4B0B71D1E139C36FD8993B278E1DA46AC
                                                                                                                                                                                                                        SHA-512:11DEFB0008D06846423AC4E50821FD0D7F32161AE20140B7FF32435BA5BA99BFFC7A2F44F9B225550B0784954E8226794A8C1851BBED4A8BC7D217660D7D4C6C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6..........." ..0..*...........H... ...`....... ....................................`..................................H..O....`..x............4..H(...........G..8............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...x....`.......,..............@..@.reloc...............2..............@..B.................H......H........&..< ...................G........................................(....*:.(......}....*..0..#.........r...po.......o........,..o......*..................0..#.........r!..po.......o........,..o......*..................0..".........rK..po......o........,..o......*...................0..".........ri..po......o........,..o......*....................(....*..{....*..{....*.0..)........(.....( ...r...p.r...p(!...("...}.....(#...r...p..($...-..+...(%........ ...o&...%-.&r...p(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceDiscovery.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):96328
                                                                                                                                                                                                                        Entropy (8bit):6.035200868781708
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:u4bTp2yBj9FBCMRMBq6MpMEktuCP7r57cDVMo7NQx6Ro:Jp2kViraDVMoh5y
                                                                                                                                                                                                                        MD5:653C97A5C6674A67DB0043B5ECE6E5BD
                                                                                                                                                                                                                        SHA1:B4EF2CC963CB1B76F88D96E12E4E56A4FD5F7796
                                                                                                                                                                                                                        SHA-256:407F3245EF1DAD2422EFB4679789CE131525508C45B706FD6804B93EF799DFB5
                                                                                                                                                                                                                        SHA-512:D3A3397C79E23E2BFD462C035D520B478644C836B66CAA7FC59253036591A303A2B81E5D5B05768155F6B7A7A38F3ADB88A003731B5E73834F526D3B6FEE3FC7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5"............" ..0..F..........Jd... ........... ..............................+.....`..................................c..O....................P..H(...........b..8............................................ ............... ..H............text...PD... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................,d......H.......$m..............@...(F..hb........................................(....*:.(......}....*..0...........r...pr...p..s....}.....(......%-.&r)..ps....z}......{.....{.....{....o....s....}......-.(...++..(...+}.....|....(.....{....o....%-.&*r1..p.{.....i(...+*.r...p*..{....*"..}....*N........(....(...+*....0..........sY......}%.....}&......}'......}(.....})....{....o......{....o$...-..,..r4..p.{.....i(...+.{....*.s&.....{.......Z...s'...r...po...+..,..rK..p..i(...+.,A..(....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.ServiceRegistration.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):54856
                                                                                                                                                                                                                        Entropy (8bit):6.036886129439002
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:oSsrlHvla+hJDzmUxSKI+ftYK6Z8Exqh4ot812YiRvjRAMxkE+:hYtvJhJDaUxSKIGtMWh4Lk7Ndxy
                                                                                                                                                                                                                        MD5:EAA287526A9025CF82798D9E73C16896
                                                                                                                                                                                                                        SHA1:D170EBC4F2560C14A0DAFDE32FA4D51C28F45C4C
                                                                                                                                                                                                                        SHA-256:72359F0F9C23E6DFAACEC0AB5511BFBEB8AD3B99D0D91A590107CBA9E29F48E7
                                                                                                                                                                                                                        SHA-512:0F3A083C8EF267C1D2EF980F8D1364626CCCB931C0C8ACD4115F5BA6A60B1542042D8BDD08308E4B3D85C0D75B33F3BEB53A0EE757EDFA7237CAE0E956FB2704
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ......Wt....`.................................r...O.......................H(..........\...8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......4U...k............................................................(....*:.(......}....*..(....*"..(....*&...(....*N.(......(....(....*..(....*"..(....*&...(....*V.(......}......}....*..{....*..{....*v.(......%-.&r...ps....z}....*.r...p*..{....*.0..t........-.r...ps....zs......o.....+A.o.....rG..p.o.....o....(...+.o.....{....o!...-..+..s.......o"....o#...-....,..o$.....*........Mh.......0..}........-.r>..ps....zs%.....o&....+J.o'....((.........$...o)....r\..p..(...+...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.Settings.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):61512
                                                                                                                                                                                                                        Entropy (8bit):6.005584229388235
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:jjjE6dlHqYpIi2YcYuIgRg6JlEmYEWCTS3npXX4kpX+vMoj8bxbJH19lqjvd4wpO:ffIi2YNgimYeTEokpXVdSu4imxh7Nwxb
                                                                                                                                                                                                                        MD5:45BD7516DFE1AB576D9F0865A0BE1B91
                                                                                                                                                                                                                        SHA1:9724DB29203CB730733BEAC5CA1E643E50EAE7C7
                                                                                                                                                                                                                        SHA-256:8E01B3F44F2109FA99FD196D3C0D1692A970EE1AF05FF8BD8D94E747307B2684
                                                                                                                                                                                                                        SHA-512:EEFE5FAB9C295A85C0B550EB3AC8B9400F3473487A0171405F8A01D47966A3E29804087CCB31DA354529D3768F533BF5A2BF9A31B7EDCD56AB27CEF4D9F511A4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................... ............`.................................d...O.......T...............H(..........d...8............................................ ............... ..H............text........ ...................... ..`.rsrc...T...........................@..@.reloc..............................@..B........................H.......pT..t.............................................................(....*:.(......}....*:.(......}....*..{....*.r...p*...*....0..|........(....,.r...ps....zr%..p.(...+.....7...%..,..o.......+8.....7...%..=..o.......i.3....re..p.o....,....(.......X....i2..s....*.0..7............(......ru..p(.......(....(......r...p(......(....*v.(......%-.&r...ps....z}....*..{....*2.(....o ...*2.(....o!...*2.(....o"...*2.(....o#...*2.(....o$...*2.(....o%...*F.(....o&...('...*.(m...os...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.Interface.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.815540582178675
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:hq16nofFHTddWwwIYiAreviIAM+o/8E9VF0Ny1In:wWofxTddWwZYiRvfAMxkEg
                                                                                                                                                                                                                        MD5:2A2839A8C9112C1624D80A3A3D8B24B8
                                                                                                                                                                                                                        SHA1:60413671A73B0EA715F2FFEB0C100EF396AF5E94
                                                                                                                                                                                                                        SHA-256:35A4EAF624FA83EA0201D72E4F3BDD11C5EA00086DC9F46D6ABDFC57BF90D916
                                                                                                                                                                                                                        SHA-512:F4708999932EC55B9D60E86F5DCA0732AC7E801C2CF0CC14D5FFB2659FEAF41362BC713AB51C02827F93D63E52A846B55B7D61B8931444C5C88689E4BF7D5155
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Zf..........." ..0..............1... ...@....... ..............................ZD....`.................................V1..O....@..................H(...`......40..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......h ..L..................../........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...(...$...#Blob...........W..........3..................................................................................................9.....9...i.9.....9...8.9...............S. ...L.9...i.9.........1.9.....9................. ..... ..... ...M.....|. .........,. ...................r._.Q.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSite.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31816
                                                                                                                                                                                                                        Entropy (8bit):6.356187659917462
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:fS5CSBhZi3NmaK3QfpdEDFYiRv8KAMxkEw0:2hZiMaKs4p7N8ox80
                                                                                                                                                                                                                        MD5:48CEC12B191F211EB9AB2D7523B6D27D
                                                                                                                                                                                                                        SHA1:51095255719DE51200B82461274CA4B12569EEF3
                                                                                                                                                                                                                        SHA-256:8E581FA3C52F45EDC6B624820D344950D87879D6E5EA6375012D99B63EF627E9
                                                                                                                                                                                                                        SHA-512:AD1AA366C777A5C6493BBF32F914741E0F7C3F6602E69E0B0FFEEDFB899BE039517F4ACFF3F7D3224038A9BBEFE2A246224C43C426A0D6960847E2F053C1DC9A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..J...........i... ........... ....................................`.................................ji..O.......l............T..H(..........dh..8............................................ ............... ..H............text....I... ...J.................. ..`.rsrc...l............L..............@..@.reloc...............R..............@..B.................i......H........+...<...................g........................................(....*:.(......}....*..(....*"..(....*&...(....*N.(......(....(....*&...(S...*.0...........(......%.(..........('...*..{....*"..}....*..o ...*F.o ........o....*:..(!....("...*....0..d..........{#...,.*.,L(&................( .........(r...p......%..( .........%........s1...z.('.......}#...*..~8...%-.&...(...s$...%.8...(%...*..0..q........(......o&...}......o'...}......o(...}......o)...}......o*...}......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteManager.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):38472
                                                                                                                                                                                                                        Entropy (8bit):6.022943106570693
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:03LiVkD4oIzsdusDbwDBR9l4PYiRvrsAMxkEo5:03oCDuBhE7NWxc5
                                                                                                                                                                                                                        MD5:FE2A8CC58AB482A00EA488923BE51731
                                                                                                                                                                                                                        SHA1:8F37444407832C499860228A11EA1019BF95AB2F
                                                                                                                                                                                                                        SHA-256:DCF96E2C088E2168D8BE4B0AD1499B824535FB8F87614AA1E18CA493420F36B8
                                                                                                                                                                                                                        SHA-512:1EFAA059B630E6784117DFC35FE43133523DB4712FFAE9A5DDBD45F83E46473A1A1352E41778D7FECFFD1EA5AAB933D68B950E276E5B7F764AEC5BF0BAC2B038
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t(..........." ..0..d..........f.... ........... ..............................H.....`.....................................O....................n..H(..............8............................................ ............... ..H............text...lc... ...d.................. ..`.rsrc................f..............@..@.reloc...............l..............@..B................H.......H........0...P............................................................(....*:.(......}....*..0..).......~....%-.&.......s....%.......r...p.o....*....0..p..........-.(......(....o....,E(....-.r#..ps....z.r...p(......(...+../&.rg..p.(...+. &.r...p.(...+...rl..p(....(......*......5..?........5..N........(....*.s ...%.B...(!...s"...o#........*>~....%-.&~....*.......*N~.......~.......*.*2~..........*.~....*.......*....0..:.........($...r...p(.........(%.....("........($...rU..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.VirtualSiteProvider.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):40008
                                                                                                                                                                                                                        Entropy (8bit):6.139759474606263
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:LMUMhnuehZ3WMsxSwJzoWwO6/cd8SkYiRvJ/AMxkEeL:oKnMs6/3J7N9xI
                                                                                                                                                                                                                        MD5:D7AC7C5C2B80D6522E5EE3AF6C2308FB
                                                                                                                                                                                                                        SHA1:70AAED345BF95E8AAE751DB968B0A075B359A2DB
                                                                                                                                                                                                                        SHA-256:2B57DECABB490B82F370D4021A52562321CC97E11C1D45D245E137D50008648F
                                                                                                                                                                                                                        SHA-512:AB87E6313064D89B95ED686D147C833004A7287708BF7BA399AACAC2D8A60DE0378627896A9AC03D5109655F489B2EB11205734334755BE36A06D963B57DAB5B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t............" ..0..j............... ........... ....................................`....................................O....................t..H(.............8............................................ ............... ..H............text...4h... ...j.................. ..`.rsrc................l..............@..@.reloc...............r..............@..B........................H........<...I..................D.........................................(....*:.(......}....*..(.....(....}.....(....}......}....*.0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0.............(.......{....o......o......9.....o....,<.o....(...+%-.&.+)~....%-.&~......,...s....%.....(...+(...+..\r...pr...ps"...%r(..po#...&%r6..p.o$...&%rN..p.{....o....o$...&%rj..p.-..+..(%......(&...('...%-.&r...po$...&%r...pr...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):41032
                                                                                                                                                                                                                        Entropy (8bit):6.152867301552502
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:khp0HOMcDVE4JHpJcZt05ZrkMJLWKbZh5j8WvC+avahUjA06CzMylBAChN67OPgT:k3bM8VEEHKQXJLWKbZh5j8WvC+avahUe
                                                                                                                                                                                                                        MD5:78FC34B7D84550A2655549B3BC2AA0DF
                                                                                                                                                                                                                        SHA1:9578EBC84CF9895228D90E85B2858E6D84F36F2F
                                                                                                                                                                                                                        SHA-256:8ED1052DD4C0BD513A3AC65DA2AB0F87B3AA1BF3E5771FA57582BB82C9B25838
                                                                                                                                                                                                                        SHA-512:0018B64C7443F35A66DEE1FE62964FF7E56B33D9FE6FA708C7C6CC93F4FA7ED05C624971704D0DA5AFD476CF607FE15DBE2EF81D83AA75C11EBE8BA36C8F0715
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T9..........." ..0..n..........V.... ........... ...............................+....`.....................................O.......$............x..H(..............8............................................ ............... ..H............text...pm... ...n.................. ..`.rsrc...$............p..............@..@.reloc...............v..............@..B................6.......H.......t3..8K...........~................................................(....*:.(......}....*..0...........r...p.(...+.(....9O....r...p(.....~......s......o.......s....%.o ...%.o!....rq..p(....o".....s....%.o ...%.o!....r2..p(....o"....r...p.(...+r...p.r$..p(#....r...pr...p.($...s%...%.o&...%.o'...%.o(...%.o)...(*.....o+...o,......o-....o.....r...p..o/...(...+...,..o0.....%..rG..p..(1......(2.....(3.....s4...z...,..o0.....G..r...p..(1......(2.....(3.....s4...zr...p.(1......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceControlInterface.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.765615048194596
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JYHu4z8vlq4/IYiArevKXcYAM+o/8E9VF0Ny8I:J3xvlq4AYiRvNYAMxkE9
                                                                                                                                                                                                                        MD5:13896CE54B4C1B47291276E8870E406B
                                                                                                                                                                                                                        SHA1:94C1078B59B5AF1A27B02CB36DA08E18522C3CC2
                                                                                                                                                                                                                        SHA-256:C38E52BD3908B6A177F30808D2D59DDA82D84BA1BBF9B1D4CFDB774B140B8D0F
                                                                                                                                                                                                                        SHA-512:36AD04E2D24A540FE8AC43ACCBAF83AC786099D3CEE6FF214E039785821C6282BF4FEC19D7C693FDB1BFF0D75C2F00C056AF3D147D8DC644B4201D523D071F4E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$'............" ..0..............0... ...@....... ....................................`..................................0..O....@..`...............H(...`......./..8............................................ ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B.................0......H........ ......................./........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..(....*...BSJB............v4.0.30319......l.......#~.. ...\...#Strings....|.......#US.........#GUID...........#Blob...........W..........3....................................%.........................................^.....W.P...........0...,.0...E.0.....0.....0...5.....k.c.../.......0.....0...I.......0.....0...............r.........................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaServiceStatus.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.801463268755362
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:cP6qaw9Vw+tfIYiArevbnAM+o/8E9VF0NyS4aC:nK9Vw+GYiRv7AMxkEbl
                                                                                                                                                                                                                        MD5:EB9DBE564B232FA8F78CC472113243CA
                                                                                                                                                                                                                        SHA1:501992A17118C53FEFA36D16E386675C3A873FE8
                                                                                                                                                                                                                        SHA-256:840777324327B5CC70D52758E07F793CB9B702050620CA9B98596D2A1FEAD73D
                                                                                                                                                                                                                        SHA-512:F72DCDD620031AE38951F5B1CAEDE0CB31FC7332FB5CCD49C3831B08370C2CD73AC5263C3DF141C888A10CC12EEF79246C3B2645BCA43C1D8BB7040F43F78602
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............3... ...@....... ....................................`.................................~3..O....@..$...............H(...`.......2..8............................................ ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................3......H........!..h....................2........................................(....*:.(......}....*..0..'........(.......}.......(...+,...}......}....*..{....*..{....*..0...........(.............o....*....0...........(.............o....*....0..I........u......-..u....,........+..u......-.+...(.....+...(.....+...(.....+....*..,..(.....o....3..(.....o......*.**.(.......*..0.. ........,..(.............o.....(....*.*BSJB............v4.0.30319......l... ...#~......@...#Strings........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSiteServices.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):74824
                                                                                                                                                                                                                        Entropy (8bit):6.324640692805339
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:QIIASoolPuDEMuMsxTe7atFnjOUJ661dxRC7NscxTstk:QIIqol8EMuMsxTe7atFOqp1dxRChck
                                                                                                                                                                                                                        MD5:452414425A358A9EE22D6D28317489AF
                                                                                                                                                                                                                        SHA1:19B2575CE34BDA0E99289B4BDBB938F395D0D919
                                                                                                                                                                                                                        SHA-256:4ECC1135DE01E9155388477A0CEF776F900C66ECF51B41137837623E63029915
                                                                                                                                                                                                                        SHA-512:45936BBC5D40724FF31FD739FA3CC72C79B0F865912667A2C003F75A42457D1C7E91F721CC90F656FE391A9B1DC67C4C71545FF01E7C43951FAC2E94A208DF33
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k..........." ..0.............R.... ... ....... .......................`............`.....................................O.... ..................H(...@..........8............................................ ............... ..H............text...X.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................3.......H.......`Y.............H...@!............................................(....*:.(......}....*~.(......}......r...p(....}....*..0..`........{....o.....+%..(......oI...,..{....r-..p.(...+...+..( ...-...........o!.....{....ro..p("....*.*........2>.......0..F........{....r...p.(...+.{....o.....+...(.....oJ.....( ...-...........o!....*...........7.......0...........~#...3..........*......*....0...........~#...3..........*......s$...*..{....*"..}....*..{....*"..}....*..{....*"..}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSiteServicesSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.762058784174204
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:GuSedOYg+9mNSIYiAreveYjiAM+o/8E9VF0Nyik:Bcn+9mN/YiRvCAMxkEf
                                                                                                                                                                                                                        MD5:7FDDF835E8E33A8505E39139FAFDCD78
                                                                                                                                                                                                                        SHA1:3767CB0FA6BCF46C2372A269B33BFAE0B274E5ED
                                                                                                                                                                                                                        SHA-256:394A5E937B18A5A905E497FA64D0F6829AE04914D10194008074866EA66BDA8F
                                                                                                                                                                                                                        SHA-512:3552FEE1907974287F306711A9B996D91FA0CA82C4ECD4723AAC187A0CD7648B6AEC1DCE9976084E86B450A582B2AF0D924EF03804CEA47514B208B66E96043D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&..........." ..0.............F3... ...@....... ..............................f.....`..................................2..O....@..H...............H(...`.......1..8............................................ ............... ..H............text...L.... ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B................(3......H.......D!..,...................p1........................................(....*:.(......}....*..{....*..{....*..{....*..{....*..(......}......}......}.......}....*..{....*..{....*V.(......}......}....*..{....*..{....*..{....*...0..I........(......r...po.........}......r...po.........}......r3..po.........}....*...BSJB............v4.0.30319......l...4...#~..........#Strings........\...#US.........#GUID.......0...#Blob...........W..........3....................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSqlScriptBuilder.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):49224
                                                                                                                                                                                                                        Entropy (8bit):6.3365780459679915
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:k5RY1F3A2tb1MiW7WKb6UNxO/FJKSO3brGur9VgyIVNtwdV/3YiRvnAMxkEfE:k5i/bsf7q/mF3AFPmP7NHxjE
                                                                                                                                                                                                                        MD5:710C58BDEB0CFD372D059E627B6706C9
                                                                                                                                                                                                                        SHA1:86783B774EF91C102B25FE5BED0610A272A1F48E
                                                                                                                                                                                                                        SHA-256:8520CBCCDA57EC01F79AF89CB88368E8092B5B265D5838D1F26A64C2A792017A
                                                                                                                                                                                                                        SHA-512:85C4C158FCD7E849C6CE0F5A0EBF751BFEABFFD509F1705039263B37F2384090593B03FE372B3069EA2C70223F5BA42ADC96856195BF374A71328AF93642BE67
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............" ..0.............^.... ........... ...............................6....`.....................................O.......h...............H(..............8............................................ ............... ..H............text...d.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B................>.......H........<...A...........}................................................(....*:.(......}....*..0...........(......(......(......(.......(.......(.....,\.,.r...p.(....(....s....z.o.....+&.o......o.......rc..p.o....(....s....z.o....-....,..o.....*.......N.2.........{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*V.(......(......(....*..{....*"..}....*..{....*"..}....*....0..t........s....}.....s....}.....s....}.....s....}.....s....}.....s...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaSqlUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.96685127844179
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Acp5awSN92MIYiArevjjo8AM+o/8E9VF0Ny3m:VSN92dYiRvjE8AMxkEM
                                                                                                                                                                                                                        MD5:99536EAB299125695389B8F8EDF290DB
                                                                                                                                                                                                                        SHA1:B59BE1EE645BE76EB3370E04F20C63695F5535AA
                                                                                                                                                                                                                        SHA-256:C627FFD3506C236F13AF66E0A283C358330681250DDE01D6C46581483F7ED8AB
                                                                                                                                                                                                                        SHA-512:9C110A14668767E88AFB583407CA62D887FF4CF5892D4DB6719E4BA43161DDA3B77CC554AF06718D53104AB01CEFE3FB5E739150247BD1023614770BEA9956AD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Lpd..........." ..0............../... ...@....... ....................................`................................../..O....@..................H(...`..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H.......(!................................................................(....*:.(......}....*..0..M........(....,.~....*~....o......1.~....o....~.....~....%-.&.......s....%.....o....*....0..3........s......o....(....-..r...po.....o.......&r...p....*.........((......B(....s ........*...BSJB............v4.0.30319......l...P...#~..........#Strings........H...#US.........#GUID...........#Blob...........W..........3............................ .............................;.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaTransactionScope.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.806660097607127
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:F8vZ9VBOIYiArevRhAM+o/8E9VF0NyPNx:yZ9VBDYiRvPAMxkEx
                                                                                                                                                                                                                        MD5:F45ED1C34F445E5E21B30567B2D275C5
                                                                                                                                                                                                                        SHA1:275B4CC8678C971650AD2FAC61AE0FF12F5B2AB3
                                                                                                                                                                                                                        SHA-256:98749D313FCCC0B0F0AA151B56EE281BF8DA1C044D644C2D2E1CEA452E32382E
                                                                                                                                                                                                                        SHA-512:578B258A3AC14ABCC9B8663AE231FE96BDA1CFF89491B68186B7E7122F82D8578A194211A2DC7A49331B24386C93024AC432ECA507B0741A77A8FDCA9B391FAE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....I..........." ..0.............R/... ...@....... ...............................2....`................................../..O....@..0...............H(...`..........8............................................ ............... ..H............text...X.... ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B................4/......H........ .......................-........................................(....*:.(......}....*..(....*..(....*F(....%-.&.*(....*....0..........(....%-.&.........*(....s....*.(....(....*..BSJB............v4.0.30319......l...h...#~..........#Strings............#US.........#GUID...........#Blob...........W..........3..................................................................;.........I...........#..... .....K.b.....b.....b...i.b.....b.........7.......S.....b.....b.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):53832
                                                                                                                                                                                                                        Entropy (8bit):6.291618786751576
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:OX6XG5H6R4Jn0sBC3ZRRIsUUMKeD8L7NyKxdC:S6XG5aR4URRXU7ILhk
                                                                                                                                                                                                                        MD5:C35697FA55E4E1DAFB826A0649A3EAC4
                                                                                                                                                                                                                        SHA1:B68CC146E4ACFD614C4BE26432CDD2A15874D6C9
                                                                                                                                                                                                                        SHA-256:FD522D60C27FF7202A8F2CE9E58091069892EB1CA9D475AC50B2987ED2ED6FEE
                                                                                                                                                                                                                        SHA-512:20857724746AE42A66456FAF9D722CCF3B03B3CB268B82F6EA7FF8E6CF26E0710290B0AB9A38ED4BC67A8BC644119C3CF74D03915C5B25227F56576C3AE70310
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S^5..........." ..0.................. ........... ...................................`.................................:...O....... ...............H(..........`...8............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B................n.......H........J...r...........................................................('...*:.('.....}....*..0..:.......s(......s).........io*......,..o......o+.......,..o......*......................(........0..k........s,....s(......s).... .....S.....+......o*..........io-...%.-....,..o......o+........,..o......,..o.......*..(......+@..........GT..........W^.......0...........s......%-.&(...+o0....8.....o1......(2...r...p.(3...,!..(4...(...+.3....(4...(...+o7.....(2...r%..p.(3...,!..(4

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\FmaWcf.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32840
                                                                                                                                                                                                                        Entropy (8bit):6.293588119699909
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:JNfREdDoXv/AjEd2jCxVOvo+EtYnF92dVYiRvqAMxkE3aL:HEjEcROr7NIxTU
                                                                                                                                                                                                                        MD5:6BEEFD2570BDBA244D0AEA5F96C7E45E
                                                                                                                                                                                                                        SHA1:B410C32BC96148DE45BA20929E313E4FCF66E79A
                                                                                                                                                                                                                        SHA-256:1160379F669CB4140EC2A24061D07845DD106BB805F2DDE5F152E3CB413F8889
                                                                                                                                                                                                                        SHA-512:DD5C36F9E739B9995096690B8F932439353E5C34260D8BCFAAF17981ADD55EEB1A447EC218C5F6E28A530B2BD3AFCE7EC18640190077B1076A0664B364E85C7C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..N..........*l... ........... ...............................n....`..................................k..O....................X..H(...........k..8............................................ ............... ..H............text...0L... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B.................l......H........-...<...................j........................................(....*:.(......}....*.*....0..Y.........+F.o.....o....u;...o....o.....+..o....s....o.....o....-....,..o.......X...o....o....2.*......... ..<.......*..( ...*...0..i.......s(.....(!...,+.~%...%-.&~$.....'...s"...%.%...(...+(...+*s%.......o&...u&...}&.......)...s"...(...+(...+*n...@...%.r...p.(.....o'...*n...@...%.r...p.(.....o'...*....0..'..........@...%.r...p.(.....o'.....(!...-..*.*..0..k..........@...%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Google.Api.CommonProtos.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):427520
                                                                                                                                                                                                                        Entropy (8bit):5.824271369919988
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:SYoemIBJLHZy/d0KgZo5kxYWgd/Q5zBECv8jfSWYX9:wKLkJ5X/QwhfSW
                                                                                                                                                                                                                        MD5:63959C9131B58A50A20D7BD37DCFFC41
                                                                                                                                                                                                                        SHA1:D29BF78E404D2C2ED0A19047672CB636CF2B2981
                                                                                                                                                                                                                        SHA-256:37B0065091FEE0BD3E10A0DADEC1D6A8D45ED66E07D2581C812B9B86C19784F1
                                                                                                                                                                                                                        SHA-512:3C77AFC9CF7579E93DD18E62CD654A7AD6B4CD36CA6544D821E35D01F8B5B1C2FADA779394CD3C8035D42CF32857D6279A03466D942004CDF93CD73370E76A1F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Kg............" ..0..|..........v.... ........... ..............................:.....`.................................!...O...................................D...T............................................ ............... ..H............text...|{... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B................U.......H........p...)..........................................................~....*..0..s.........?...%.r...p.%.r{..p.%.r...p.%.ro..p.%.r...p.%.rc..p.%.r...p.(....(............A...%......(.......s....(.........*.~....*...0............?...%.rG..p.%.r...p.%.r;..p.%.r...p.%.r/..p.%.r...p.%.r#..p.(....(..........%.(.........C...%......(....(......?...%.r-..p.%.r5..p.%.rA..p.%.rK..p.....s.....s....(.........*.~....*F(....o.....o....*.(....*..( ...*..0..H........(......{....}......{...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Google.Protobuf.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):461600
                                                                                                                                                                                                                        Entropy (8bit):6.121892709817012
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:r4/m8Ea0LJqGVByY/ISDYLh0JPYqe9XMKr0g3pkUtdJAtQLxisgFafDcabBv805E:M+VLJqGVBlASKXMKJLBL0k/
                                                                                                                                                                                                                        MD5:54AEB9BDBCAA96811DB6D02A620D2229
                                                                                                                                                                                                                        SHA1:795AB7B578D8DEEE64BFA1AECB50391ABD25B5D7
                                                                                                                                                                                                                        SHA-256:B628AEE109C1FD016F955C2FE3549EDD5195D86B57A213189A6210C396D00756
                                                                                                                                                                                                                        SHA-512:D16DE313B944975ECE181D49959EC33806771EB4B6926279628454746E7BD1B1AA8D7243CFC027102518CC679BA980918259789C814D522441578DBFBC5B4F34
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... ............" ..0.............^.... ........... .......................@.......N....`.....................................O....................... )... ......4...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................?.......H............Z............................................................(E...*..(E...*..(E...*:.(E.....}....*..{....*:.(E.....}....*..{....*..{....*"..}....*V.(E.....}......}....*..{....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0../...........1.......(F...*...X...+...%.X........X...2.*..0..%...........i.Y.+.................X...Y...2.*..s....*F.(...+(H...(....*:.(I.....}....*.~....*2.|....(J...**.(.......*2.|....(K...*..{....*2.|....(L.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\GpAnalyzer.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):72776
                                                                                                                                                                                                                        Entropy (8bit):6.178457209132011
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:l9r/YpETxnxg3PNJSDrMVLnv0d/77NNxq:lN/YQxxkJS3GnvK/7he
                                                                                                                                                                                                                        MD5:9081DC7037FF4A0D6F34E35A563650BB
                                                                                                                                                                                                                        SHA1:15F0C6567A0496F84D3A34710756A20B37D7065C
                                                                                                                                                                                                                        SHA-256:B051305ECBD29458EF2F811994DB233A3B52E1B619A0CA05786D31EBD6976128
                                                                                                                                                                                                                        SHA-512:26149F30ED08D77329DC7DA75ED12FCB6F01E06B9A71CD704ECC3E12BF3C7D9E8BB0C9C76C1EADD7FFAE5BA79533FBA975C1D4BBB254B906AA436AA0B50CAD3C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............r.... ... ....... .......................`.......H....`................................. ...O.... ..................H(...@......P...8............................................ ............... ..H............text...x.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................T.......H........h..................H.............................................(....*:.(......}....*..0..........~......r...pr...ps....r...po.....,...-.s....*...ij(......o........s.........o .....o!.....(......"..,...o"......,...o".....,..o"......-&~......r...pr...ps....r...po#...s....*.s$...s%.....(....(.....~.....5r...pr...ps....r...po#....(&...-..(....+.s.........,..o"......*.4....I..b........@..n........8.Bz..........E........0..........~.....;r...pr...ps....r...po......j.o'..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\GpContracts.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):55880
                                                                                                                                                                                                                        Entropy (8bit):6.300048978801212
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:NCYpHbamZOJf+PVaasCf7QNKDE47Nsx55:hmmG+daF6QNKg4hK
                                                                                                                                                                                                                        MD5:21AE68AA054CCA7832956CB7E3D8B1A3
                                                                                                                                                                                                                        SHA1:95B5002BA18D5AE27CFC186C2F1E7A4E2A452E33
                                                                                                                                                                                                                        SHA-256:2F29E9B522954A4865917081C58F0BC4A3C2F90915720ACC313A2ED182DCBA3F
                                                                                                                                                                                                                        SHA-512:40E4E61372108D797F120F7199C4C3B12028D900480D193C49A94A1BF7620B5D9C3A5B592CC25CDE33393DFE038845FFC9A5F566CE9724279E79F7180573D0CD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............F.... ........... ....................... ......&.....`.....................................O.......................H(..............8............................................ ............... ..H............text...L.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................%.......H........0................................................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..(....*r.(......(%.....('.....()...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*j.(......(-.....(...+(/...*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\GpDocument.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):242248
                                                                                                                                                                                                                        Entropy (8bit):5.89096149324451
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:8C6f4Hz7SaBiJUr8tamIupvXalBl+bToKmBVr+9kZLK0fU3xzhs:8xf4Hz7SFUYtaapWKToKeks
                                                                                                                                                                                                                        MD5:B4C7D7B5D9D9AEB7D0F58150325A5C74
                                                                                                                                                                                                                        SHA1:69DF2458F63C6A032F0CE58881C67C771741D395
                                                                                                                                                                                                                        SHA-256:20D4082C19671D5DF019D5169AC5CDC9101D85B137F0420983B9DAD7ED236D82
                                                                                                                                                                                                                        SHA-512:F8914C622A5CCC77E826A4E75A9EB80FAD1DCB76F000A8A9253D58063C80AE6140B53C3D053366BCAEDD764FD88350DA87A4509809021D025BFEA5EB2801CC57
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0................. ........... ..............................z.....`.....................................O.......................H(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......h...................0...4.........................................(....*:.(......}....*..0...........s......s......o......o.......o ...(......o ...(........(....~P...%-.&~O.....3...s!...%.P...(...+(...+.....,..o$.....,..o$......*...........\j..........mt.......0..E.......s7......}T...s%.....{T...o&....+gs:......o'...}V...s<........{V...s....}W.......;...s(...(...+%-.&+.(........=...s*...o+......{W...o,....o-...-....,..o$.........8...s(...(...+~Q...%-.&~O.....4...s/...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\GpXmlSchema.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64584
                                                                                                                                                                                                                        Entropy (8bit):6.2608075776457115
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:D9LLNbDP1gW+0lxE6jEml18vHM77NVxsw:vbGW+Do8vs7hn
                                                                                                                                                                                                                        MD5:8BAAD98DFB4032B3D3E8B321AF05DABB
                                                                                                                                                                                                                        SHA1:8F1EF69C0DA5E8A55D50D8CA783D1EADC75240D0
                                                                                                                                                                                                                        SHA-256:C1638092FFF53A4DE877056B1A2163E70E4C59D0D244C0C9799D6DB372655B11
                                                                                                                                                                                                                        SHA-512:38761F86252A1C5B5B7CEEA5D837A6F3CFF8954C6C3905D1A46AB9D9BE75CFD2D987277DEF896129AAA077FC0CEDDAA53BA77489799610DE634156778DBE6FC3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@............`.................................A...O.......................H(... ......l...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................u.......H........8................................................................($...*:.($.....}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(%...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(%...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(%...*..{....*"..}....*..{....*"..}....*..(%...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\GpfxSettings.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2344520
                                                                                                                                                                                                                        Entropy (8bit):5.744287275391601
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:R7wr324BRAokyBTTMPgvGM5W6FFHaGbiD2:Vwr3HRAO
                                                                                                                                                                                                                        MD5:C4867DB22D610E30EE891026B10F4C39
                                                                                                                                                                                                                        SHA1:CF00DE70ACAA2C8E7980E9CE311C4230D88CE5F9
                                                                                                                                                                                                                        SHA-256:6FDDA9B3BF2BD9E0C480B9C80FE7EC967FC8A690F14720B74659B8F846EA6714
                                                                                                                                                                                                                        SHA-512:C8D1817565F022691004952C92C6A2B5E2A065DF384CC4AFBED86DFDFAD947C03C5E63008862F6875F91EA4A667A8BB53859AB40A35320C1A2D9021EB5B54660
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0...#.........r.#.. ....#...... ........................$......f$...`...................................#.O.....#...............#.H(....#.....L.#.8............................................ ............... ..H............text.....#.. ....#................. ..`.rsrc.........#.......#.............@..@.reloc........#.......#.............@..B................Q.#.....H.......H...............L+.......#.......................................('...*:.('.....}....*..0..........(....o(...-..*.()...,..*..s*...(+......&.....*...........'.......0.............(,...,...1.. ......*.*.*..0.. ..........c.. ...._...2...0...d.....*.*.0..J........-..+..(...+..,..(...+-..*.(...+,&.~....%-.&~.......%..s/...%.....(...+*.*...0..q........-..+..(...+..,..(...+-..*..i.3....(....r...po2...(3...,..*....+(.....b...%..,.o4......i.0..*...(......X....i2..*....0......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Grpc.Core.Api.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):70432
                                                                                                                                                                                                                        Entropy (8bit):6.292834548979216
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:PuuJQA5+vkLqGfr5fvTo06fm7vuwbAidfGYxd6SBGuToVsGRz0XyDYGQ7ytl3fVx:xh5fvTv6SAidfh66kVsG2yDYGQ7qVx
                                                                                                                                                                                                                        MD5:2A9F904A8D4E2E19B1BEC40A49F14D3C
                                                                                                                                                                                                                        SHA1:88DB0E994A43E7DFBC1589C65877C4A373A18DB9
                                                                                                                                                                                                                        SHA-256:1EAD6ECB86C7B2E9FCAECD0561ED766E17D8A8EC56524737E79E91CBE0FD3D3C
                                                                                                                                                                                                                        SHA-512:4DBBE9DEF3B59CC43BCD2CEB5F960B8DCD651455E2B645540B54BBFC8BDDDB45E2C78FF6E9E971D4B9B36F94331AC7EDABE34FF8AB074013066834977E1A1CA6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y1e.........." ..0.................. ........... .......................@............`.................................g...O....................... )... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........G..h...................l.........................................(&...*^.(&......J...%...}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*..{....*V.(&.....}......}....*..{....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:...('...(....*..((.....r...p(...+}......r...p(...+}......}....*..{....*..{....*..{....*...}......}......} ......}!......}"...*...}......}......} ......}!.....}"...*..{"...*..0..(........{....u......-..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Grpc.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):485656
                                                                                                                                                                                                                        Entropy (8bit):6.61009099792126
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:VrJLcdXl5xFcQyCmnMENW1H/M8f9Z5mNplX4XmRrcMFADwYCuMsligT/Q5MSg:VrJLcd15XafWN/vZ4NLqmRrctb65MB
                                                                                                                                                                                                                        MD5:6155B91228D88A0CFFF0E8F32942E772
                                                                                                                                                                                                                        SHA1:B855C00124FF8048DD278F3ADA5A3392576AA5D6
                                                                                                                                                                                                                        SHA-256:AA99E6AD71C01997C154BE1F0F6E5402266F787422CF67D66C5D59F63D26131F
                                                                                                                                                                                                                        SHA-512:4E6A0C07C09845072EBE16AA7087B572358800E6FF1691B2A2E6F56C60EBDDB29EB9CDD4412DC78A8B9738E2D14B76B6C72373DBC7CD444B972E6320A818A728
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-.n..........." ..0..8..........BV... ...`....... ....................................`..................................U..O....`...............@...)...........U..T............................................ ............... ..H............text...H6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............>..............@..B................$V......H.......t... ?...........K.......T........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*......(....*v...o......o ....o!.....("...*.0..V.........r...p(...+}$.....r...p(...+}%.....}&......r...p(...+}'......rC..p(...+}(......})...*..{$...*..{%...*..{&...*..{'...*..{(...*..{)...*...0...........q........})....*6.s*....o+...*..0..)........s*......o,...~-...~....~/...~0....s1...*....0../........s*......o2....s3...~-...~....~/...~

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Grpc.Net.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):205088
                                                                                                                                                                                                                        Entropy (8bit):6.178274822311102
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:3bbcjrNanXzIm/fUmKRFQ35niEj5247pFuBR4x4WRwwT3zvtdnRHdGtRXx:3bojrNaXOR2r5sR+ewvt8
                                                                                                                                                                                                                        MD5:F1CBA9A336CADE17ACAC375476F87259
                                                                                                                                                                                                                        SHA1:1A07D4F0413782C8059E44298797F55504DA5597
                                                                                                                                                                                                                        SHA-256:8AD3CF0FB9621A9859A83F72399E4AD214579A2EDC2DE173C2495C73E25EC75E
                                                                                                                                                                                                                        SHA-512:F1D69B26607A76E7775D33DE6D263D474D79BEB8D001833B6C287E8D1F791F247C3A3E13534C404B31A9568EF5D608732E263ACF9F2A3A5D3E59DBFA811495BD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y1e.........." ..0.................. ... ....... .......................`.......h....`.....................................O.... ..0............... )...@......<...8............................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H.........................................................................(*...*^.(*..........%...}....*:.(*.....}....*:.(*.....}....*:.(*.....}....*:.(*.....}....*..{....*:.(*.....}....*..{....*:.(*.....}....*..{....*:.(*.....}....*..{....*^.(*..........%...}....*:.(*.....}....*..{....*z.(*.....}...........%...}....*V.(*.....}......}....*..{....*..{....*:.(*.....}....*..{....*f.(+....(...+}-.....}....*..(+.....0..r...ps/...z.......}-.....}....*b.{-.....{....(...+(1...*b.{-..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Grpc.Net.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19232
                                                                                                                                                                                                                        Entropy (8bit):6.722943681293518
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:ViqVm1oAfkFsF1HogeChGFba0SRSmYkqBIYiYF8m/Ex72f6QOwA5K+o/y2sE9jBf:/Go+kFkqBIYi6yQJAM+o/8E9VF0NyS4
                                                                                                                                                                                                                        MD5:9B1E75A93DD1E051752BCB1ADB4F0A5B
                                                                                                                                                                                                                        SHA1:BD51D7D368EDC96B42E539B0E6277FFE1CB43BAA
                                                                                                                                                                                                                        SHA-256:404DE87B2AA8E8FF91E4B1E8C895EB7EEBBCAA4AD3FBA6C7738F88DA1EE1A205
                                                                                                                                                                                                                        SHA-512:ACC5D6C82D1C675F0BF08181ADBCDA809504BFA520F67C7B8D14445E21181BE7E45F16A1C70CD84BB6E6A3175152D54723D5CF7BFA9FB340B631D83950C4DA7F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y1e.........." ..0..............7... ...@....... ...............................,....`.................................?7..O....@..d............".. )...`.......5..8............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`....... ..............@..B................s7......H........!..\...................D5........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*^.(...........%...}....*:.(......}....*..{....*z.(......}...........%...}....*V.(......}......}....*..{....*..{....**.-..(....*..s....z:.(......}....*.r...p*....0.."............(....-..{....+...(.....s....*&...s....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (399), with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):205090
                                                                                                                                                                                                                        Entropy (8bit):3.4329569022146496
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:vrE7fVtZYdQFBk2As/T06+ls34rcEtoDx:zE7fVtZYSFBk2As/o6+ls34rcEtoDx
                                                                                                                                                                                                                        MD5:421AD188D7EFF3BD641E3624E7930FF2
                                                                                                                                                                                                                        SHA1:B2C41BD10FC4DD3072DE6BEE3D74BF9424403A9B
                                                                                                                                                                                                                        SHA-256:270E9883AA71F5A8964F7100AB45C9C93095E5F824F398C20B62CAA12C250202
                                                                                                                                                                                                                        SHA-512:5F2E495FB977475D28525502BA36AC49A0D293F9992AE42A2A68EE7690E5A6A0CD9614FCDA1B4F9DB27B4FDC7F894CFF62175CDC5F8DE68B55A602BF5E77824D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.!.-.-.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=..... . . . . . . . ._._._._._._. ._._. . ._._. . . . . . . . . . . . . ._._._._._. ._._._._._. . ._. . ._._..... . . . . . . .|. . ._._._._.|. . .\./. . .|. . . ./.\. . . . . . ./. ._._._._.|. . ._._. .\.|. .|./. ./. . .F.l.e.x.C.a.s.t..... . . . . . . .|. .|._._. . .|. .\. . ./. .|. . ./. . .\. . . . .|. .(._._._. .|. .|. . .|. .|. .'. ./. . . .M.a.n.a.g.e.m.e.n.t..... . . . . . . .|. . ._._.|. .|. .|.\./.|. .|. ./. ./.\. .\. . . . .\._._._. .\.|. .|. . .|. .|. . .<. . . . .A.r.c.h.i.t.e.c.t.u.r.e..... . . . . . . .|. .|. . . . .|. .|. . .|. .|./. ._._._._. .\. . . ._._._._.). .|. .|._._.|. .|. ... .\. . . .S.D.K..... . . . . . . .|._.|. . . . .|._.|. . .|._./._./. . . . .\._.\. .|._._._._._./.|._._._._._./.|._.|.\._.\.........T.h.i.s. .f.i.l.e. .w.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\HighAvailabilityServiceEventLogResources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):999496
                                                                                                                                                                                                                        Entropy (8bit):4.155407083053397
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:L6I46xr6xq6x8i6xZo6xId1OsRyqKOrJDWxN6xvO:3o6xId1OsRyqNrJDWx7
                                                                                                                                                                                                                        MD5:E97A15A69A1CEEF6B34C6D14E6E6DDA5
                                                                                                                                                                                                                        SHA1:616B785419CFE1B8E9E3D23E6D0D3C8A9F0896B4
                                                                                                                                                                                                                        SHA-256:249AB9FBD4DD850B4853CB7D0397D2AF2293125D12DC1C2BA2749EDD11E8B977
                                                                                                                                                                                                                        SHA-512:AA83323BEBEEAB5199437219DDFA54FB4F3D03A7AD26F2A1A72EA33E8F2AC452B355F90D895BF00983AF6F2F62DB8F2186E74B6DA773053EA48E6BB4FA4D43C0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^}..?...?...?......?...?...?.......?..Rich.?..........PE..L...qY.f...........!...'.....................................................@......0+....@.......................................... ..................H(..............p............................................................................rdata..............................@..@.rsrc........ ......................@..@....qY.f........................qY.f............D...D.......qY.f........l...X...X.......qY.f............................................RSDS,.~...UG....G]N....C:\tc\work\9fabd0850cbc8cb6\buck-out\gen\Brokering\Broker\Components\Shared\HABrokerEventLogDll\win32-release__\bin\HighAvailabilityServiceEventLogResources.pdb........................GCTL....p....rdata..p........rdata$voltmd.......<....rdata$zzzdbg.... .......rsrc$01.....".......rsrc$02........................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\HostingManagementComponent.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):239688
                                                                                                                                                                                                                        Entropy (8bit):5.827746836591962
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:qOdEua9amlfGHs6LOn+EyP1J5HSh1KSSsGEwdCktJnjYGloYWH2:DsfMsN+gh1KSSsGEwdCktJnjYGloYWH2
                                                                                                                                                                                                                        MD5:27BF635CA32F14A4A72057189F6AF673
                                                                                                                                                                                                                        SHA1:467ADD6AEA6A162A26122BDB56F61B36273D763A
                                                                                                                                                                                                                        SHA-256:5A790726A58A468946E68183BC6546FD413BDD7097F4B1B9E48C8941641A2025
                                                                                                                                                                                                                        SHA-512:9543225EDEE838E4C2DB6AE07209A0488D893D766794C211F4D9DB78304ED6DC5091A6F588E3EA37C7C1F5C955E099D132973418E00BEFC5602337D1759E8947
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..v..........:.... ........... ....................................`....................................O.......`...............H(.............8............................................ ............... ..H............text...xt... ...v.................. ..`.rsrc...`............x..............@..@.reloc...............~..............@..B........................H....... ...<y..................\.........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\HypervisorsCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138824
                                                                                                                                                                                                                        Entropy (8bit):6.148850658916972
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:y33DPnEZQttmdS6Wa2EJjtpUGzhv95Awth4G3LatfNFAfhrU:oTPzJ6W12DqNFWrU
                                                                                                                                                                                                                        MD5:D7F11F4F22DCA93BF7B5FD7C744EAC83
                                                                                                                                                                                                                        SHA1:9AEB0DEC0688737E25CA13CB159B0F3A618F6BCF
                                                                                                                                                                                                                        SHA-256:A5DB70A8D4AC887F562012E02CF349E36898ED112B8BAC9B747B7F23D1661A77
                                                                                                                                                                                                                        SHA-512:B71504CAE7132E0E5F93266F074AD9EDB0120A02C43C7583A7D1E62A5695BBCB812D087481CDAA75B8A37B6A52E757305367E281384BBCD4B0EECEB1E50EEDC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.<..........." ..0.................. ... ....... .......................`......^>....`.....................................O.... ..,...............H(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...,.... ......................@..@.reloc.......@......................@..B........................H............\..................L.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*..(.....r...p(.....r...p(.....r...p(......(....*r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..J.........s....}.....(......} .....}!...("......-..........+..(#...}$....,..o....*2.(%...o&...*..{$...*2.(%...o'...*..{....*2.((...o)...*..*..{*...*"..}*...*..{ ...*....0..;........(%...o+....{!..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\IBrokerAdminQuery.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25160
                                                                                                                                                                                                                        Entropy (8bit):6.575703644910157
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:KUwY/Ddrt8G3rMcTnNTI/6r+OyO5IgPg6eFrgZeF28VfibIYiArevPqtAM+o/8EE:KoDd9dlWpVVfikYiRvPIAMxkEE
                                                                                                                                                                                                                        MD5:12401237B65400B8317B852B80636138
                                                                                                                                                                                                                        SHA1:AAB24162E36A16F056FD8B53ADEAAE3376E40B4E
                                                                                                                                                                                                                        SHA-256:4AE373C56A796D470F1DE6A4FE81ACCAB1F5193EAC4959A7371A0952A1961475
                                                                                                                                                                                                                        SHA-512:ABCE1C11D6530DFAF67CBCD8B123BF4B032FB3DDB8F972E71AEEAF9699DEB5E09057493CA1FB56A13D5E0FAC75E44B48B51CD92E0823370372C0A95E3F9F4E51
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V............" ..0..0.........."N... ...`....... ..............................W.....`..................................M..O....`..$............:..H(...........L..8............................................ ............... ..H............text...(.... ...0.................. ..`.rsrc...$....`.......2..............@..@.reloc...............8..............@..B.................N......H........!..h*..................XL........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*V.(......(......(....*..{!...*"..}!...*..{"...*"..}"...*..(....*..{#...*"..}#...*..{$...*"..}$...*..(....*..{%...*"..}%...*..{&...*"..}&...*..(....*..{'...*"..}'...*..{(...*"..}(...*..{)...*"..})...*..{*...*"..}*...*..{+...*"..}+...*..(....*..{,...*"..},...*..{-...*"..}-...*..{....*"..}....*..{/...*"..}/...*..{0...*"..}0...*..(....*..{1...*"..}1...*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\IBrokerDAL.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):262216
                                                                                                                                                                                                                        Entropy (8bit):6.0023109690613525
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:gPq9gjOjYIP14nCKGpgEYZKK3mWGDgJz4YOVJfAUdsPk98nvhb:gPqWjX5Gl2KKWWGDI4jVtAUuGCb
                                                                                                                                                                                                                        MD5:7AFCAD5B078944539350927D655C08B5
                                                                                                                                                                                                                        SHA1:C9C84AF2794C7A304057E41DB3497A829D367D5D
                                                                                                                                                                                                                        SHA-256:CF1BB1958B1A6ABC27E45CBC5AC59A30028B8B842902FB6035BF0DC0D0603E07
                                                                                                                                                                                                                        SHA-512:E08C0D4705EEA0D45925BFB8D4217F1ED976DD6E3A5C3DD9FCCDE3A02EF938DC4E4E52FDE820399FD6561F1B7F8BC8989227D4788F073541C7B797AB251D3571
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r............." ..0.................. ........... .......................@......E.....`.................................r...O.......D...............H(... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...D...........................@..@.reloc....... ......................@..B........................H.......0....j............................................................(-...*:.(-.....}....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*:.(......}....*..(......}......}......}.......}.......}.......}....*..0...........(.......r...po/...t....s0...}.......r...po/........}.....,....r...po/...u....}.......r3..po/...u....}.....,....r?..po/...u....}......-..+...ry..po/........}....*...0...........u......-..*.(.....o....(1...*2.(....o2...*..{....*"..}....*..{....*"..}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\IBrokerDALInternal.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):85064
                                                                                                                                                                                                                        Entropy (8bit):6.224531215833331
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:E9gFQoDHp2jB6BH8HsMNnMXoljAeyIqXrZ7g7Nqx+:ElSHp2dYH+NnlAJghr
                                                                                                                                                                                                                        MD5:BF346B951FE9D6BF9637090E38642549
                                                                                                                                                                                                                        SHA1:DC6BCEC7CB88EAE7CCE6F3A626BE325D1B4F492D
                                                                                                                                                                                                                        SHA-256:6AC227EB8906928CD28FF5F34CE51EDA72010F203DAB259AF84D8BA3BD9F05A2
                                                                                                                                                                                                                        SHA-512:D2F2C69A63B22B88E698235D1164A2D2653883060BCC7CD7FD0A3FE1362A09C78A9F32884833EA55F090264260B96631181CBB1143F88367A97B159C2A226EF8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.R..........." ..0..............8... ...@....... ..............................mj....`..................................7..O....@..d............$..H(...`.......6..8............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`......."..............@..B.................7......H.......h ......................@6........................................($...*:.($.....}....*.BSJB............v4.0.30319......l....c..#~..Td...o..#Strings....H.......#US.L.......#GUID...\...|A..#Blob...........W..........3....................u.......$.......Y..............;........n1.U..*2.U.../lR...W...../.D...0.D...2.D...1.D...1.D.../.W.../.U...1g<..|0.D...0.D...1.U..a0.D...0.D...0.3..f/.U..>2g<..bbg<.../g<...;Z:..%0Z:..._Z:....g<....g<...1Z:...1Z:...)sO.........[....2...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\IControllerDAL.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21576
                                                                                                                                                                                                                        Entropy (8bit):6.7105739355434055
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:wYkq8j4DE9OZ/IYiArevT0AM+o/8E9VF0NyL1:wYeUo9OZAYiRvYAMxkEP
                                                                                                                                                                                                                        MD5:0997E863DAD446DCBD495598E5C4656B
                                                                                                                                                                                                                        SHA1:14A8CC6DB54DFDADE50E0945CB54510419A558D7
                                                                                                                                                                                                                        SHA-256:994BAF2D00C18E8AB1559ADA7F9A2ABA9A5F911C521A21D96041EFC0C2BD304F
                                                                                                                                                                                                                        SHA-512:17B7660039A53D57A35DA2C2881D73ED3CFDAE2935A4FE7B7FABC2263CB8A6D2C7E5825B558A9443F114E42F054A8D9627DA73D650052781FE59F814E8AA5273
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,5..........." ..0.."...........A... ...`....... ...............................1....`.................................rA..O....`...............,..H(...........@..8............................................ ............... ..H............text....!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................A......H........!.......................@........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*V.(......(......(....*..(......r...po....t,...s....(......r...po.....-...(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..I........(......r...po.....-...(......r...po.....-...(......r;..po.....-...(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..I........(......r...po.........(......ra..po.....*...(!.....rk..po....t....(#...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\IControllerDALInternal.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19016
                                                                                                                                                                                                                        Entropy (8bit):6.728012932624359
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:v7C+DQCiudmG2IYiArevfAM+o/8E9VF0NyQMU+g+:v7p0kdmGrYiRvfAMxkEvhN
                                                                                                                                                                                                                        MD5:C93C4AB4C4ABB9057F0E3623D3D46E1C
                                                                                                                                                                                                                        SHA1:0C77DF604C1A44048023D3B7A8F26E080B944D03
                                                                                                                                                                                                                        SHA-256:551BDCDF747A37DF1ACE2A4EEE09735337CC4BBE7F177C6BB6CA70666031763D
                                                                                                                                                                                                                        SHA-512:619081E0099E4A3EC0874F4054EB03D893B5CA8301F63F13A023AC40E75ED829E978D07996A0AFD510F43457C8451A6066D1DC9E697BBBE1C48734999A28B2E4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............." ..0.............z6... ...@....... .............................. .....`.................................&6..O....@..H............"..H(...`......(5..8............................................ ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`....... ..............@..B................Z6......H.......h ..@....................4........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~......8...#Strings....T.......#US.X.......#GUID...h.......#Blob...........W..........3........%.......................0.............2.........(.........................z.....z.....z...H.z...a.z...............|.W...\.z...y.z.........A.z.....z.........i.......W.....W.....W...-...........0.....I.....#...................................'.].....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ICwcSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.815205949028443
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:lLRTrRpn+3Ld9sjIYiArevkAM+o/8E9VF0NyX5+mX:llTyLd9sMYiRvkAMxkEqmX
                                                                                                                                                                                                                        MD5:B3B54366C1365D1B6FBA4CFB3975C9CF
                                                                                                                                                                                                                        SHA1:9D8F69E1D7D63518E07D2D134C4B14B7EBC191DC
                                                                                                                                                                                                                        SHA-256:CFC6C603D25580D79913A9AD2A8D45CE72530EEFD834B1A51B77335752AC3B1A
                                                                                                                                                                                                                        SHA-512:21F3764CF0A6AC228AB8B9A9366ED4E49DF988923D336ED7AA84C3D6EC6897E61A68EC3A88F1BB48162D2C61A37C67304FDFF723A5EB5C45D00FF5D5C4C077CF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z............." ..0..............4... ...@....... ..............................8.....`.................................04..O....@..................H(...`......X3..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d4......H........ .......................2........................................(....*:.(......}....*r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*V.(......(......(....*..{....*"..}....*..{....*"..}....*.BSJB............v4.0.30319......l...<...#~..........#Strings....h.......#US.l.......#GUID...|...l...#Blob...........W..........3....................................(...............................................t.c.....c...N.1.........v.....#.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\IDnsIpSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31304
                                                                                                                                                                                                                        Entropy (8bit):6.513647358192206
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:PU5k9uvAd6TRJCt2E1IIdLzjYiRvfaAMxkEGh:PU9vLT7+LKc/7Ngxqh
                                                                                                                                                                                                                        MD5:B79B58E470C2AD7EBE3BCD432BA78324
                                                                                                                                                                                                                        SHA1:D33F0EFE1C42F185C7E915ABD2BCE03C2D6AFC0C
                                                                                                                                                                                                                        SHA-256:288B0F9DA5730F94F53CD3537A7DCA1480E1F5A62396808F98F1715A7C1651E5
                                                                                                                                                                                                                        SHA-512:2CDBF9640FD765D594289447BF2A3F59EDFAE82D675002A5F0E8BC6F261F0456B5C4E04D80D01AF0ED68F784FF14D92C2DAAE29AC3399737395CE27C4B6E2AB9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..H...........g... ........... ...................................`..................................g..O....................R..H(...........f..8............................................ ............... ..H............text....G... ...H.................. ..`.rsrc................J..............@..@.reloc...............P..............@..B.................g......H........%...@..................$f........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*b...(......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\IEdgeProxySupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.733477482576591
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:M4MJAVcncFfEiIYiArevrAM+o/8E9VF0NyMtC9:M49FfEvYiRvrAMxkEt
                                                                                                                                                                                                                        MD5:A454EBBCA8DBCDF953E041E111304533
                                                                                                                                                                                                                        SHA1:3EC3B11AD3BC6C350554F6E6ECCD6F0580D18E05
                                                                                                                                                                                                                        SHA-256:2860A34D87B4B5484162B4F044F29B7B631E5F989948ACC9AE377715DE85881E
                                                                                                                                                                                                                        SHA-512:092442CCFDBDECF6FFD24865E48366023B225D7A7D822A25A20964790E68B53F297B7FC6B0FC4AD6CBA2ACCBF5CB4CB8E9F140C85E0C5B841797160B07CA6381
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@f'..........." ..0.............&5... ...@....... ....................................`..................................4..O....@..$............ ..H(...`.......3..8............................................ ............... ..H............text...,.... ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................5......H........ ......................p3........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..BSJB............v4.0.30319......l.......#~..0.......#Strings............#US.........#GUID...$...\...#Blob...........W..........3....................#...............0.................................|...............,.......p...............X.........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ILeasingControl.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28232
                                                                                                                                                                                                                        Entropy (8bit):6.482744764579114
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:HYnqqXPxLajnzjQRzF851lCFWyhrUhVl540IYiArev9WAM+o/8E9VF0Ny1/cY:4nqqxSnKzjFW/l54FYiRv9WAMxkEfcY
                                                                                                                                                                                                                        MD5:AA4661E4DF4E21D920704543FBE83669
                                                                                                                                                                                                                        SHA1:F1FDDE945F32690FC9716E59C7EF729AD9E8A32B
                                                                                                                                                                                                                        SHA-256:76AB40C77FB211391857887E9CC88285425E4E187F9ACB7F901F24677EB46338
                                                                                                                                                                                                                        SHA-512:C89067FB94914CBB60E436BE36706E26D861A08ACE33CC94C41A1AFB725F0EBF94B86696434D5AE97FC39197D33EF151646B654A9A71071D72D868BDA6F7AB15
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,............." ..0..<...........Z... ...`....... ....................................`.................................nZ..O....`...............F..H(..........|Y..8............................................ ............... ..H............text....:... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B.................Z......H........%...3...................X........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ISdkLogic.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):50760
                                                                                                                                                                                                                        Entropy (8bit):6.186561682508265
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:NPlzETRRRRRVuxRWxsxUxoRxRZRRRuRRRRRJRRuRRuRRRRRRRRRRRafXu6tJiE1i:/z1vAhX
                                                                                                                                                                                                                        MD5:C4CEA60FED239388C7BC3AEFCE812397
                                                                                                                                                                                                                        SHA1:0241DC4AF038F4349565587207CA19761B2B0562
                                                                                                                                                                                                                        SHA-256:A1FAC765056E8EE480551613020F7FA48D5281F046EDB48B22E406E3DAB8463E
                                                                                                                                                                                                                        SHA-512:59F4371D6AF3B0D81BC5BD8096C05417BA43F40CF44EC576AE1C507732771245A79F96BB1B765EEBAE7E21E19EE36D11A95D5F160C44D161459D94020EC1EB8E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;.[..........." ..0.............B.... ........... ..............................N.....`....................................O.......................H(..............8............................................ ............... ..H............text...H.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......h ..(.............................................................(....*:.(......}....*.BSJB............v4.0.30319......l...`=..#~...=...E..#Strings....t.......#US.x.......#GUID...........#Blob...........W..........3........^......................................................4........z0.>...0.>..T/.>...?....|/.5..)0.5...0.5...0.5...0.5..2/.?..h/.>...0.4.../.5.../.5..F0.>.../.5...0.5.../.1.....>...1.4...A.4.../.4.../d=...A.@..)A.....2.1....j>..0.N......?..Q.........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ISecondaryBrokerControl.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.749778638382442
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:yAx0d7MlQFBqUIYiArevmyAM+o/8E9VF0NykMUb3:yt2qFBqlYiRvmyAMxkEYb3
                                                                                                                                                                                                                        MD5:28AA34A97710DED1D17DF7067B40F735
                                                                                                                                                                                                                        SHA1:E806478699A6C77261DADFC07A6AFE9ADDF7FED9
                                                                                                                                                                                                                        SHA-256:3F09138EB01096353E286E38B27764A318951F2B5A34C2ED3BCA41AFF8E50638
                                                                                                                                                                                                                        SHA-512:3911A0521125ECE4C77AC36F01E1FC2E5DE1C572EE81B533E163393EB362BD73342A77D1370797A4C3C4195E527C6F4CD6C2CDC186E03C0AD54BE2080B84089A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....y..........." ..0.............r0... ...@....... ....................................`..................................0..O....@..H...............H(...`......./..8............................................ ............... ..H............text...x.... ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B................R0......H........ ................................................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..(....*...BSJB............v4.0.30319......l.......#~..X...d...#Strings............#US.........#GUID.......8...#Blob...........W..........3................................$.................................................................~...........M.....f...................S.........9................._...........T.......S...;.S...o.S.........2.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ImportScripts\Default.zip

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66236
                                                                                                                                                                                                                        Entropy (8bit):7.992710950458348
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:1536:jncfaAg+ZcxBD+qGitJlhT/dU1Apc83RUk:jLecxBDbGitZ/WIhX
                                                                                                                                                                                                                        MD5:E7AAE3532CA559E0AD95E657F37A7061
                                                                                                                                                                                                                        SHA1:C24695AA1C699B5EBD2CB1812F38C38F35A18B8E
                                                                                                                                                                                                                        SHA-256:1C8EB30426E19C39A3B02CB7346E37065D400FFD6568BE71BF00157607235B90
                                                                                                                                                                                                                        SHA-512:F423D47C90272C6EC13C83639500DF21DCBAC5DD0FBBD772633E63695B7D97DB220FA13FD40A01466D11F870950320AE0652C74D23F2719222743AB1D689399A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:PK...........Y................GenericFunctions.ps1...F.&.....X*M...t.....n.\..I..J.Uem ...@b....~.y...sa..<..N.L.d.................s.xA.....j..U...cU.....cn.fR...Y.....?.....;.R...,...'.9]<._.(....?...E`.b....</H=...o/.yq].....A..n..,K./...A..A.....o{.H...I..=<~..........d...l...)......._..~L/q<.%u..8.....Lm ..*...~....;..J.;i..T.VAzq>~..$K..S...<+*..r...S..U.....~i^`}V.n.../NY9.....H8-|b.Y.t.tz....&.f'.1...p.?<x...}.?p*.. ...*+.^TU...y7......'?. NL.....k.f/..f.....T...~....Y.....Z..W.....:1.........X.w......8...`.._n..f.}.........%..7...A...r....S3.......1.g._D. (..r...~..0...U.y.i....o..R........../(...........\..@.:..v.........S...... ..V.....K..O.=.........?.&.?..`.~.>=)..<.v?U.t.~..6.;:}Rr.x.~..O._.K.w.wqZ}....._.../..]5....O~.C.G..ht7......I..:.....W.|R....Gv.J..........%.....|&.I.7....O.....~q....M.....'`\....>..9...<_.k. ..M....|..Tyk..v.+....?.u..^.r.....jz....../.!..... 7...x..Z..a.?{+...j.;.;.i..~)..R..".@..Nj.(.....@

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Interop.GPMGMTLib.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):62816
                                                                                                                                                                                                                        Entropy (8bit):5.348292201418987
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:AVuxJ+pQc0JnTOId3uNgufAXVVqE7nO9U9UeL+bCsq:y0J2grd+NgdnMUaeqxq
                                                                                                                                                                                                                        MD5:18061DE694ED129CB991F7CD556B3D92
                                                                                                                                                                                                                        SHA1:7399AE6C940BCF269760FCE126B9D9969F4CE69E
                                                                                                                                                                                                                        SHA-256:F611B5766803B612B9AB9F314918D29D5C5FB9C8AB53CBE2C294B1C3ED097B0C
                                                                                                                                                                                                                        SHA-512:D7FA29490D05101D194A007145F1B4512C8979B07CE3C9DB5B346825BF06FBE64D84D915441E3A59905FF2F2793313AEC9072DDB16757B0858EE43EA458D6B71
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s.J...........!......... ........... ........@.. ....................... ......v#....@.................................t...W.......x...............`............................................................ ............... ..H............text....... ...................... ..`.rsrc...x...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Interop.NetFwTypeLib.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32616
                                                                                                                                                                                                                        Entropy (8bit):6.400313416227385
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:LBGsENrBCNUr7o7+Hkeu+CyPEhUEpYinAMxfv0LL:LosEzCNUr74+HNu+wt7HxnAL
                                                                                                                                                                                                                        MD5:C1EB69A5AD04ECD8F20424562BA5D813
                                                                                                                                                                                                                        SHA1:8E2A86400301A28506B713BFCDDE1302A217C9DF
                                                                                                                                                                                                                        SHA-256:F31D5B95AA919C3EA80F6919D8FFD86A6B5A9F37A14A7DCA82033231D97BF271
                                                                                                                                                                                                                        SHA-512:E68E6B6CBC8C26BF8EBCD483CEC116B064991A017E637CEFD438EEA9EC26C8F108B2D236D33128DFDC1725CFBD06C2CB2ADAD959F9F684040F091D6E1E836918
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y.f...........!.....P...........o... ........@.. ..............................w.....@.................................ho..S.......@............X..h'........................................................... ............... ..H............text....O... ...P.................. ..`.rsrc...@............R..............@..@.reloc...............V..............@..B.................o......H........ ...N..................P ........................................'..M........,....E8..RC.p..a.Jp.-...Yk.go;...Y..do5.:/.I..0?....f}.A............8.'..X.........#.?.Y.R.L.:F....}...JBSJB............v4.0.30319......l..../..#~..$0..l...#Strings.....F......#US..F......#GUID....F......#Blob...........W?........%3................*.......1...........!.................................S.........../...N./...f./...t./...../.........../...../...../................./...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\LhcUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27720
                                                                                                                                                                                                                        Entropy (8bit):6.270606010344021
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:M5dpmaTnOngmIzdjWhsI9SYiRv8AMxkEM:M5dpxOngmIcXs7Naxg
                                                                                                                                                                                                                        MD5:478C677E0DFE6C9E5AF0B506A670E63E
                                                                                                                                                                                                                        SHA1:3F997DD073B35244FB7179796A480AF35997FDDE
                                                                                                                                                                                                                        SHA-256:E09A2D447C540DA62956061A0E2F57E393571709F756FABB9EC62F1A885E20A9
                                                                                                                                                                                                                        SHA-512:D4F0DB698F7E74FF277F625E1F31839CC4300CE42DAD6CE655BFB8412B9D1DF7A45252E344F12085D2B4395F5377AA8AEC7FB5A1F445A9FA54FF3160F6B698D7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x............" ..0..:...........X... ...`....... ....................................`..................................X..O....`..D............D..H(...........W..8............................................ ............... ..H............text....9... ...:.................. ..`.rsrc...D....`.......<..............@..@.reloc...............B..............@..B.................X......H........&...0..................LW........................................(....*:.(......}....*Vr...pr...ps....(....*..(....*..(....*....0..0.......r_..p.r...p(....r...p(........r...p..(...+...*.*................Fr...p.r...p(....*...)...%.r...p.%...%.r<..p.%...%.rt..p.(....*..0..X.........)...%.rx..p.%.r...p.%.r...p.%.r...p.%.r...p..( ...rt..p(.....%.r...p.%.r...p.%.r...p.*Fr0..p.rT..p(....*...)...%.r...p.%...%.r...p.%...%.rt..p.(....*Fr...p.r...p(....*....0............)...%.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\LicPolEng.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2510992
                                                                                                                                                                                                                        Entropy (8bit):6.439723931017134
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:3xfLeR3fRbuCYuvhdRzE5pjhpmGLmh7yyqWfEPsJAUGYE0Z1DtPkMKODOshp9D5:3xfqR5uCY2hLIjhlmh7yX9oA3xOtPR7
                                                                                                                                                                                                                        MD5:8A3D0784F4C873B707B09FA25E47F6D7
                                                                                                                                                                                                                        SHA1:E655AC36B4E66E7D1B5C0F41F022B5F3E236B13E
                                                                                                                                                                                                                        SHA-256:3F2595EF6DF78CC4F145D04EE2E64516376C59FE986C3F2EFF9454803566C38C
                                                                                                                                                                                                                        SHA-512:CE5C253FE656B3B477965D994C7363355CB74428BC62D37EC7D5AA098EC44BBAC9A8F13461E5FF7CA338D8101F820895111ED9AE24232B1E736838177CA6E091
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.............................l....l.........."D.M..r!1...r!..5...@>....@%.......Y.).....................l....l......y...l....Rich..........PE..d....V.e.........." .................,........................................&.......&...`.........................................P.$.`....&$.,.....&.X....P%.tT...(&..(....&..... .!.p.............................!..............................................text...l&.......(.................. ..`.textidx.....@.......,.............. ..`.rdata..62.......4..................@..@.data........P$......*$.............@....pdata..tT...P%..V....$.............@..@.rsrc...X.....&.......&.............@..@.reloc........&.......&.............@..B................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Licensing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):100936
                                                                                                                                                                                                                        Entropy (8bit):5.995768560869894
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:I0ycaHkmUx2V1GTA9j74pyLDFWwPZQOII7o0utpINzZho:ITcaHkWV1G0AIPpo
                                                                                                                                                                                                                        MD5:9758ED2A0F7541174B16524B5BEFDDD3
                                                                                                                                                                                                                        SHA1:A2D7E130EFF3467951B9A3EFB6C0CC307E330CB0
                                                                                                                                                                                                                        SHA-256:007D4DB6A1214547FDDEAB6D4EE5606DA12FE93CEC886754B2E72599F67C3599
                                                                                                                                                                                                                        SHA-512:F3DC2778306742F12F0F4EA81A77E67C8174BD17AEA2A18C28EEC7DD0002903A04EC4B85F32EA33D9B8395A1BC5E9CC3B4546C3DF116C2DEFF1CBC3FDFC307F7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+.M..........." ..0..Z...........y... ........... ....................................`..................................y..O....................b..H(...........x..8............................................ ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............`..............@..B.................y......H.......8s......................<x........................................(....*:.(......}....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..0..z........(......}......}......}.......}.......}.......}.......}.......}.....(.............o....}.....(.......r...p(....( ...}....*..{....*..{....*..{....*..{....*..{....*..(......}......}......}.......}.......}....*..{....*:.(......}....*..{....*..{....*V.(......}......}....*..{....*..{....*..{....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):350592
                                                                                                                                                                                                                        Entropy (8bit):6.105633084275251
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:+LLSKqQYfDxPbHR+Ra6eGh6m14gvxmnZFpzFMj/4so8mzdypcR8CH6Z/Zmvqj:+LWKO7xjhWneRvu
                                                                                                                                                                                                                        MD5:BD146664BF1DCDEC45933A614F690BA8
                                                                                                                                                                                                                        SHA1:1E47C17AB2DB493542C8705C7E2C15FC2BE58995
                                                                                                                                                                                                                        SHA-256:33D3761EE20465FB58F53488418A10EC2CD41365D4521B08F2BD1E601B30DF57
                                                                                                                                                                                                                        SHA-512:1E02C34BB1850A9D5134AA68C38990CC89BAD4C8E9B9BB49F5C2BBB90ABC0FEDAA8FF856C17648A9ADD0DBA5C182F25B538405A5A8E0E4BC7381AA5FC14B6F6F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....0..........." ..0.............vM... ...`....... ..............................qS....`................................."M..O....`...............6...#..........PL..8............................................ ............... ..H............text....-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............4..............@..B................VM......H................................K........................................{*...*..{+...*..{,...*..{-...*..(......}*.....}+.....},......}-...*....0..k........u......,_(/....{*....{*...o0...,G(1....{+....{+...o2...,/(3....{,....{,...o4...,.(5....{-....{-...o6...*.*..0..b....... ...u )UU.Z(/....{*...o7...X )UU.Z(1....{+...o8...X )UU.Z(3....{,...o9...X )UU.Z(5....{-...o:...X*...0...........r...p......%..{*....................-.q.............-.&.+.......o;....%..{+................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):76152
                                                                                                                                                                                                                        Entropy (8bit):6.125272290560867
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:1HJj7a0NlrIJPBeVS6E6CT092chLRwdqTRESvSiBk5mfS8k8+QHBZ3:1HJHa0NlAeVdSYhIqTySXBk5n8qQHBZ3
                                                                                                                                                                                                                        MD5:4106A161BDBCE068267E9054FD907A85
                                                                                                                                                                                                                        SHA1:0B5679B632122A75F91F151CF88D63F672875BEE
                                                                                                                                                                                                                        SHA-256:A852A628DAFD880662671395BCB2417CC86429F0F2D46BD8F357C7875862A615
                                                                                                                                                                                                                        SHA-512:731F1998717AA3F156033B7C2D711F4609200C1BFDB24902ED366CEE2808675CAA8C1AA8D3687E5AE0126B136F02BF9BDDFD2CE9BDF462FB630D5D7F087D1092
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J............" ..0.............~.... ... ....... .......................`............@.................................+...O.... ..@...............x#...@......$...T............................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B................_.......H........c..............................................................0..........s......-.r...ps"...z.-.r...ps"...z..(....,$..(....r%..p.o#...,.r)..prk..ps$...z.o.......o%....o......s....%.o....%.o....}............s&...o....*.0..q.......s......-.r...ps"...z.-.r...ps"...z.-.r...ps"...z.o.......o%....o......s!...%.o....%.o ...}............s&...o....*....0..B.......s.......}.....-.r...ps"...z.{....-.r...ps"...z........s&...o....&*...0.. .......s.......}............s&...o....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.Http.Features.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34704
                                                                                                                                                                                                                        Entropy (8bit):6.318538586031505
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:XwLsaGBypfDw4eZ2Ig8EitS4KBuCVTOQ69zz:osXB6fk4/IErBuCV+zz
                                                                                                                                                                                                                        MD5:C68805D112C95A66BD7105A20F93743C
                                                                                                                                                                                                                        SHA1:62A470690738DE53181888CCEE90073A9D731AFC
                                                                                                                                                                                                                        SHA-256:EC29056CB87D44A7AF5E4D700109CBF67B8AEA7496908A9508218E72D0541612
                                                                                                                                                                                                                        SHA-512:407C104461AC43A0BB37A195F4102EC17F4949546C368692322D8ECF715B1193EBF6730A517B187AEACAFFC3EE4CF8B99C96A864788F7B334E4187DF2B7B08FF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r..........." ..0..V..........Ru... ........... ....................................`..................................t..O.......(............`...'...........t..T............................................ ............... ..H............text...XU... ...V.................. ..`.rsrc...(............X..............@..@.reloc...............^..............@..B................1u......H........(..tK...................s........................................(....*..(....*^.(.......9...%...}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(.......:...%...}....*:.(......}....*..{....*z.(......}.......:...%...}....*V.(......}......}....*..{....*..{....*f..}.....(.....r...p(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.AspNetCore.SystemWebAdapters.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21944
                                                                                                                                                                                                                        Entropy (8bit):6.466399872479715
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JKDqEh6hOG+oGFY7yZnss61zWFbf0WMLHRN7j7R00R9zoIG5hK:Iqg591KLjN049zodh
                                                                                                                                                                                                                        MD5:512E8EF747BCCA7A0B16F83D370678EB
                                                                                                                                                                                                                        SHA1:A482EF64F98B3B0E379424E66FD0CE281C8B3A85
                                                                                                                                                                                                                        SHA-256:706CDF69EFA9E0B37847277042ED5F90C9CFE510C7C36FA08E1A053487CA3912
                                                                                                                                                                                                                        SHA-512:4665B73A455BBAF943B37A1E01F312CD26EB9DDD86430CD7D8B951C410C28C4E075D7FEB981A2D12D0E9B53B58D7AF5FD06884CC80B5EA2C0F465499651F346E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O.x..........." ..0.."...........A... ...`....... ..............................G-....`.................................aA..O....`..p................'..........\@..T............................................ ............... ..H............text....!... ...".................. ..`.rsrc...p....`.......$..............@..@.reloc...............,..............@..B.................A......H........ ..<....................?........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*...BSJB............v4.0.30319......l...8...#~..........#Strings............#US.........#GUID.......h...#Blob...........W..........3....................................&.......................G.............................r.........b.....+.............U.....U...G.U.....U...D.U...a.U.....U.....U...m.U.....................@.........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13472
                                                                                                                                                                                                                        Entropy (8bit):6.292043114894753
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:WrB5jnA6+FpGKCRXEWfWlrWngbXH9YOCAs/nGfe4pBjSjM:WrnjnA6+MXEWfWlrIgbCA0GftpBj9
                                                                                                                                                                                                                        MD5:8C454E6D06D56C19F355F702B15EBB15
                                                                                                                                                                                                                        SHA1:6D4322B7BC25A50E0C5EFC80DD71824592D3A040
                                                                                                                                                                                                                        SHA-256:3A1475D6F1A99AB2A85AFEDFF3DB6454D901EBF1DE1D58E294EA2CB16516648A
                                                                                                                                                                                                                        SHA-512:6D1C221430668BE2C7DAAE9D27AAA621038F8F52F5AC3CF9A6D02D10F33E85718E08017E5CF6CDB9E2CB10CE66EB9212DCC6C88FB17C4FB486C7D71720B6BDFB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...//.U...........!..................... ...@....... ..............................`v....@.................................4...W....@.......................`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p.......H........ ..,...................P ......................................0..L....7.^...........w. ..E&."...v.hi.l..Y....3..%?...G...7.C.Y|.k.8..vb.kq..P.qw..F.(.5."..i.,1.i9....\t.)...gr..7BSJB............v4.0.30319......l...p...#~..........#Strings............#US.........#GUID.......`...#Blob...........GW........%3........................................................................l.e...............'.e...<.e...d.J.......................................7.....P.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.WebKey.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):58952
                                                                                                                                                                                                                        Entropy (8bit):6.118088424684242
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:fOILFvbdWkytEeZjfPZUX5zkrCJOA1qEqMpTdeLySKxYH84grFz:fOILFTdqEelZg5z9MAQpMRdhSZc4grFz
                                                                                                                                                                                                                        MD5:FEDC4BB68BE45038EABC6C9EFDEF10CE
                                                                                                                                                                                                                        SHA1:177FAEF4B4B2502450D3BC4A024ACFC9A87D4E15
                                                                                                                                                                                                                        SHA-256:094F0618C3D116638CE5DE9437C6E8FF31DD2BDD0C3EAA792360A16B3542A6D1
                                                                                                                                                                                                                        SHA-512:F5AB4E44D796FF8F26E0F0564F87B5282652E2C66FF0E86043BF0008CCFE21541BD093D41C6396E54B7E58D1E37C187CC9AF5AEBDA2B91CBE3364D2AE27E3A31
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....K............" ..0.................. ........... ....................... ......9.....`.....................................O.......................H$..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........Q......................\.........................................-.r...ps....z.(......>...%..=.o.....+.-o...../._o....*..(....,.r...ps....z..-.+o....._./o....(....(....*...0..!.........o.....X.]Y..-..*..=.s....(....*Z......(....( ...,..*.*.0..6.............(....(!...,.....o"...*...o...+..(....-..(....*.*...0..E........o$........(....(!...,..(%....(...+o'...*.t....(....(%....(...+o'...*..((...*6.(.....(....*..0..J........(....o)...o*....~.....o+...-.r...p......(,...s-

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.KeyVault.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):485472
                                                                                                                                                                                                                        Entropy (8bit):6.044488934650634
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:XAPMOyN5FkzwYluX5r/weedoVV195k8t2F:/N5FkzwYluX5r/weedoVVL5k82
                                                                                                                                                                                                                        MD5:18B3C51407E29CC5DDAD9700898D0C0C
                                                                                                                                                                                                                        SHA1:FA6586F426F938B942518D256C251D83FCB32F53
                                                                                                                                                                                                                        SHA-256:F345479DD837F1D8F3EBCB854A170157AE2C6CEA7C8BDF37814830599B331BAD
                                                                                                                                                                                                                        SHA-512:05F281288BE3FDD80542316CF5AC6AA2E3EC19CAA42A5248ECCEC6D24C6D0FCCFCC868C72E76EAF09D6485FF87FE0BF3E77D522BD318035634DA0608A494D385
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$..........." ..0.............&M... ...`....... ..............................@z....`..................................L..O....`...............D..`$...........K..T............................................ ............... ..H............text...,-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............B..............@..B.................M......H........9......................dK........................................(....,..*.o....r...po....-..*.*....0..L........-..*.-..+..(....o ...(...+%-.&.+.o".....(....-..(....,..o#...o$....s....*.*.0...........(%....(......(......}......}.....s&...}......S...%.r...p..o'.....,x..,t..+j.....Y...%..=.o(......i.3L...o......Y...%..".o)........o......Y...%..".o).......(....-..{........o*.....X....i2..{....o+..../.r...prO..ps,...z.{....rc..po-...-".{....r...po-...-.r...prO..ps,...z*:

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Services.AppAuthentication.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):86416
                                                                                                                                                                                                                        Entropy (8bit):5.875198114693039
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:MwJvhnSdVeSvOZcYz6dlGJPMGR5S0USVJggBvv4:MwJZJSvecY/KGRJUSVWG4
                                                                                                                                                                                                                        MD5:0ECCCB70C4D75D23E95DC3911FB4C5C8
                                                                                                                                                                                                                        SHA1:FA3A504A0F3F5FA7D30E0D5CF5E9161B0EDE542C
                                                                                                                                                                                                                        SHA-256:E999D795012F9C42C8714FDDADE702706FD0B6B4E4F7E87D88D673E39800CC12
                                                                                                                                                                                                                        SHA-512:2C8464FCCDC2553929E51D760E899EDE2425E270E82231F8F2390A65488C3D8E0586C6E94F97EBB9D2CF48A1525F9C05EE3F42C39784BD31355BCC9B671EAC23
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5B..........." ..0.. .........."?... ...@....... ...............................4....`..................................>..O....@..H................#...`.......=..T............................................ ............... ..H............text...(.... ... .................. ..`.rsrc...H....@......."..............@..@.reloc.......`.......,..............@..B.................?......H.......$s......................<=........................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..T........(....,.r...ps....z....`...%....o......(....(...+%.}........r...p.o....(....s....z.*........';......Z ..........s....(....*..0..l...........-.+o......._./o......o.....]..E....................+..~....(.....+..r...p(.....+.r...pr...ps ...z.(!...*..{....*.0...........(....o.......&r...p....*...................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Blob.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):384888
                                                                                                                                                                                                                        Entropy (8bit):6.033497261000072
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:v0eaQP0O4SPoyJGJDCjKOGlEsWoA9m7DaDlEDIO+NnYZH:vOoxLdiIoA07DaDlEDN
                                                                                                                                                                                                                        MD5:816A0CA0AC175FC2DEC459D6434860A8
                                                                                                                                                                                                                        SHA1:2DC88833A8FBCE1807B88CB777F38462CB777A75
                                                                                                                                                                                                                        SHA-256:108D1C5BCEA2D3B21AD692330DA7626349C951B9756DBBE8A8FA87EA0D18AAB0
                                                                                                                                                                                                                        SHA-512:4AD1159FC6BC4E4B0CCD609EE5EB36169B2B00E9C5EF17C04ADE4E82A3D8D3C1B6282880C49A017D465987B17CD5D3E7EAC817084286CF27A0B24426625A48C6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q..\.........." ..0.................. ........... ....................... ......,+....`.................................D...O.......................x#........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................x.......H.......Xu..4Y...........................................................0..Q...............}.....(%.....}......}......}.......}.......}.......}.......}.......}....*..*..*.s&...z..{....*2.{....o'...*.*....0...........{....,Y.{......j/N...{....iY...0..+......{.....{....i.((.....{.....jX}......X....Y...{......j/.*.{....-T.{.....{....j.{....s)......{......{.....|.....{.....{....,..{....+...{....oD...}......1..{.......o*.....{.....jX}....*..0..............s+.....{....,`.{......j/

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Azure.Storage.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):320072
                                                                                                                                                                                                                        Entropy (8bit):5.742268324139861
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:a0YWtvyZMTKGMdMr2H+KlXBACYgca8rnJ8wzZO:a0XvyZMTKGGMry++YPJ4
                                                                                                                                                                                                                        MD5:179C26AD47CCDF1F3BCB9F747820ABEA
                                                                                                                                                                                                                        SHA1:4D37E305ABD9969E733659920A07F87790AEA0FD
                                                                                                                                                                                                                        SHA-256:B217F4449C8EBC173D680BE6799307D5F54DC2B39A7DEF3B369445F848B96909
                                                                                                                                                                                                                        SHA-512:B8EEEE50DF9F6C44499622BF446DC7D0BD0F2B4434C4F72429298FEAD3E3D2A4EF4868FDC938CF90F31B524FD4EB17899D8DE5A3BAF3393EFDF829F34438F238
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..\.........." ..0.................. ........... ....................... ............`.....................................O.......................H$........................................................... ............... ..H............text...p.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......@Y...w............................................................{....*"..}....*..{....*"..}....*..{....*...0..'..........()...-..+...(*......(+...s,...}....*..{....*..0..'..........()...-..+...(*......(+...s,...}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..;........(....(-...,,.(....(-...,..(.......()...-..(.......()...*.*Jr...p.(.....(....*F.(....,...(.....*2.(/...t....*.s(...*Fs(...%r...po....*Fs

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.AsyncInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26752
                                                                                                                                                                                                                        Entropy (8bit):6.512503595653532
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:DulwnBhYlTVv2wK5idcgF4of1n6K9zUYJ:ywHYFtKYdcg/f1nXzUYJ
                                                                                                                                                                                                                        MD5:970B6E6478AE3AB699F277D77DE0CD19
                                                                                                                                                                                                                        SHA1:5475CB28998D419B4714343FFA9511FF46322AC2
                                                                                                                                                                                                                        SHA-256:5DC372A10F345B1F00EC6A8FA1A2CE569F7E5D63E4F1F8631BE367E46BFA34F4
                                                                                                                                                                                                                        SHA-512:F3AD2088C5D3FCB770C6D8212650EED95507E107A34F9468CA9DB99DEFD8838443A95E0B59A5A6CB65A18EBBC529110C5348513A321B44223F537096C6D7D6E0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$:............" ..0..4...........S... ...`....... ....................................`..................................S..O....`...............@...(...........R..T............................................ ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............>..............@..B.................S......H........'..P*..................,R........................................(....*..(....*^.(.......1...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(.......2...%...}....*:.(......}....*..{....*z.(......}.......2...%...}....*V.(......}......}....*..{....*..{....*:.(......}....*..{....*..{....*"..}....*..{....*"..}....*..{

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Bcl.HashCode.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23424
                                                                                                                                                                                                                        Entropy (8bit):6.349672161821048
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Tvvn5ogSknr9z2e3vTkPxkKaYgj7+2WV0tfWedHRN7Z1IlGsI8:Tv6lknrJ93rkPK9XJS
                                                                                                                                                                                                                        MD5:9CCECDCFE5F0302D19CCADEE94B93B75
                                                                                                                                                                                                                        SHA1:DB696031E4F2C911D4EA7C3961AEB71DF19F9661
                                                                                                                                                                                                                        SHA-256:76B1260CE747A317E9B514433B89A81B038411FCABDDC6F9C7DBABB0742D8B81
                                                                                                                                                                                                                        SHA-512:91712539075185A65A7C4B915F25C01711937F5EA30B6A98950C6B4AB1913744685E745C94CB00779DC064B305766C46E9188786BFAA801A2D099109E3935681
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...E.&..........." ..0..............M... ...`....... ...............................\....`.................................jM..O....`...............8...#...........L..8............................................ ............... ..H............text....-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B.................M......H........,..|...........0J......HL........................................(....*^.(.......!...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..6.......(....-.(.......!......o.......(.....(.......,..o.....*...........+........(....*.0..............(.....*..0..4.............-..+.........o.....(.......X...(......(......*.0..U.............-..+.........o...........-..+.........o.....(.......X...(.......(......(......*....0..w.............-..+.........o...........-..+.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Edm.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):662928
                                                                                                                                                                                                                        Entropy (8bit):5.745360264622943
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:CDcp2PDtXTeUwYITWot47aVHgLM0YwzENGgLpgO9x5vO4vx8QZ:BpSDtXTeU8/OMYEEgLpgO9x5vO4vx8QZ
                                                                                                                                                                                                                        MD5:7EFAE2A48514930BE2513D63288B986E
                                                                                                                                                                                                                        SHA1:A98B5E2EBE8A24DC3380090F1AE372E869E1D171
                                                                                                                                                                                                                        SHA-256:FB4636E8F3075FE65DF55995F1AB07D2B79733A793647BE1C92E2C837D0A2F71
                                                                                                                                                                                                                        SHA-512:901E828865065C252664A8F6BCE083F126E7040F025782D50B15D1CB62746C7D06557125C78A691DADD3EEB3EB0E550283721F01436A21C65DFFCD58EDFCF4CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xG8`...........!..................... ... ....... .......................`.......`....@.....................................W.... ..P................#...@......L................................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H..........`...........@.......P ......................................xN..9......{..Nq.;.P.8MA.....P.B'<.....g.[.....8...8..^.6.RS<..X..G..Z...Z......O.p.i.nn.c?&....4.. 1..R.[e...|l@.6u)e.\=.......(....*V.(......(......(....*..{....*"..}....*..{....*"..}....*.0..L.........S......r...p....(....( ...(!......r...p....(....( ...(!......r...p..("...*6..(...+(....*f..(....(%.....s&...(....*..{....*"..}....*..o'...*.((....~....-........s)........~....(...+(...+(,...(!...*...0..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.OData.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1529720
                                                                                                                                                                                                                        Entropy (8bit):5.667845954331631
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:yGFIrhFMRzlvQxSV0LMHUhR1uA44SP1ygOScgbSkNJR:HFk4YphR1uAPSP1ygOScUp
                                                                                                                                                                                                                        MD5:02F0B784BD29F434DCEBF10DF38FCC35
                                                                                                                                                                                                                        SHA1:8875C6D6844F44EF5B9AD2AE587615C3715393F2
                                                                                                                                                                                                                        SHA-256:9C4586DADE40F21BEAD962C3AA5DAA77C64FF240233A57A3BC1A681383D2148F
                                                                                                                                                                                                                        SHA-512:3D678C9966A7CF37CD0D20A4CDAC39CB9C8C027B33037B4E48A5A63610A35DBA8C1401B9E7935BAC7E56EBEA27EA36CE8238D9492FE798877F24E60A53EDB138
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<@9`...........!.....*..........~H... ...`....... ....................................@.................................,H..O....`..`............4..x#...........F............................................... ............... ..H............text....(... ...*.................. ..`.rsrc...`....`.......,..............@..@.reloc...............2..............@..B................`H......H..............................P .......................................e.:..Sw...K..."....y...(.>$.7v7...kZ...B.a...[h.#a.5]..\.>........ZA..;....o...f...b..wvw*...F.`&[....V...>E.Q...#.0.fT...~....*.~....*>.-.~....*~....*..(....*...0..Q..........i.ZXs.........+1.....r...p..co....o....&.r...p..._o....o....&..X....i2..o ...*....0..^........u......,..*.u....,.......(!...*.u....,.......("...*.uQ...,...Q....(#...*.u....,.......($...*.u....,.......(%.....(......*.u-...,..o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Services.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):674168
                                                                                                                                                                                                                        Entropy (8bit):5.745913840988855
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:gfAwjdfJOgBenOB0XadPRl7px894O3T6zJeN6505k:yLdhOcAXadPRBYv3qJeN65ak
                                                                                                                                                                                                                        MD5:CC200C9176CB5B9DB8AA6BAE5DD22F3A
                                                                                                                                                                                                                        SHA1:F7B8B8D2C75A13874EA60ACCBC930F407217AD25
                                                                                                                                                                                                                        SHA-256:A24BB406A9BF49CCAF94F79F11B49C01AD37B65F0D331A38B2ABCB29C29F5312
                                                                                                                                                                                                                        SHA-512:0DF4E5FE87990CBE65A84F779D44CBCA408D9C24BBBAC4B3F20A7A657D07E03C7F8D969FB71E8D82ABAA80560306F687C580500DB4386B3CC0016828D6FCC558
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<A9`...........!.................:... ...@....... ...............................[....@.................................x:..S....@...............&..x#...`......@9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......................0...[...P ........................................q....TO..t./<..x..8.i.4 .D.aS..?A.U..k..e^.Tf$.....9..:v.>...l...J....d..#.Zt...u.......V..}.].....K....[...F.z0...?..j...*.*.0..n........o....(K..........YE............2.......J.......b.......z...............................8......(.............s ...*..(.............ns!...*...(.............js!...*...(.............js!...*...(.............js!...*...(.............s!...*..(....t............s"...*..(..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.arm64.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):491552
                                                                                                                                                                                                                        Entropy (8bit):6.39581158072706
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:qtaTA72UZeG1CEgbIh+ITMQ1TDQhSPGh8+MdEb2bIBm:Ct72UNX+ODQhZ89bIBm
                                                                                                                                                                                                                        MD5:CFAC33A1C499AA6003D6CF32E6875451
                                                                                                                                                                                                                        SHA1:2629AE704C1C6BF33CEFF4EAA44866E6A4D29005
                                                                                                                                                                                                                        SHA-256:2740424B9217B5FB95F76F658E3F5B0D8A8B511608F21E89E7E871A97D0C333A
                                                                                                                                                                                                                        SHA-512:BB94F2498FF550F8CF02018586C198835DA065BBA3DF1E1306CDC0C653D326CCD0FD7C15286044A09C62824FF8ED4233BDC0BC1D551D440DC0E0DB7E3D4B38FE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i...-.m.-.m.-.m.f.n./.m.f.h...m.f.i.'.m.f.l.>.m.-.l...m...h...m...i.=.m...n.&.m...d.:.m...m.,.m.....,.m.-...,.m...o.,.m.Rich-.m.................PE..d......d.........." ...#.....L......................................................9.....`A............................................8............................X.. (..............8...........................P...@...............h............................text............................... ..`.rdata.............................@..@.data........0......................@....pdata........... ...(..............@..@.rsrc................H..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x64.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):504872
                                                                                                                                                                                                                        Entropy (8bit):6.406376841801923
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:/w5F6ysRXGXoZ0v/SqPhsXpgWo8E4UYGV2Es0v8BENMsNIm:Y5UhR0v/SqJsi8E4UYA5sqt
                                                                                                                                                                                                                        MD5:B542298FBA40C470EB1C566718DD4171
                                                                                                                                                                                                                        SHA1:6080B8DD8AC857571B11C9545EF760A8B7F229D6
                                                                                                                                                                                                                        SHA-256:57ADB08FDE97D32A68D30C37E5C68B8CDD19B52EB4100043DFFD16ACDC1495DE
                                                                                                                                                                                                                        SHA-512:F1B2B5E19AFBBA89C937A0D27981DA6F14C69DEBA05A4656EAAEBC23A25DB657AB896E4D55EDAA0F90FD799D898FF0003C4782BE1AE7EEE97569CC131CA71F29
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.?+4.Qx4.Qx4.Qx..Ry1.Qx..Ty..Qx..Uy>.Qx..Py'.Qx4.Px.Qx..Ty..Qx..Uy$.Qx..Ry=.Qx..Xy#.Qx..Qy5.Qx..x5.Qx4..x5.Qx..Sy5.QxRich4.Qx........PE..d...J..d.........." ...#............P........................................P......."....`A.........................................5..8...8:.......0.........../......((...@..........8...............................@............................................text............................... ..`.rdata..............................@..@.data........P.......<..............@....pdata.../.......0...J..............@..@_RDATA....... .......z..............@..@.rsrc........0.......|..............@..@.reloc.......@......................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.SNI.x86.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):414248
                                                                                                                                                                                                                        Entropy (8bit):6.727376230131443
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:wfcjl0FEgFrywNFYGtGN5Ziy2JYCbBhYJ4E:wfcjl0BywNFYGtGN5Zd2J9bTm4E
                                                                                                                                                                                                                        MD5:A09F8FC602D5E5E66CCB4D27437BCC6F
                                                                                                                                                                                                                        SHA1:5E443DF355A5FFDF5195613EDD5D7854E0F2EBA6
                                                                                                                                                                                                                        SHA-256:06EF300BF9F164019ABD930F03064E2E380CE9BA25FFDDE35C64C6B54DAACCB5
                                                                                                                                                                                                                        SHA-512:E33E646F00B3CE994B071E9C6D94E7D6B42EB6180E4B8C753CD27024492E5336628B28EDB7149F3A7D69E5CC5ABC0E2FB3C6AD0EC25FCA04445F43800FC8433A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......UN'../I../I../I.ZWJ../I.ZWL../I.ZWM../I.ZWH../I../H../I..SL.9/I..SM../I..SJ../I..R@../I..RI../I..R.../I../../I..RK../I.Rich./I.........PE..L...-..d...........!...#..................................................................@A...........................8............@...............*..((...P...M...V..8............................U..@............................................text....~.......................... ..`.rdata...D.......F..................@..@.data....U..........................@....rsrc........@......................@..@.reloc...M...P...N..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.SqlClient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2048544
                                                                                                                                                                                                                        Entropy (8bit):5.666352538084962
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:JIZe5CJee3nXkYIEBg7g5EJeGlYeRCEEuaVvp7gmn6GjiL9DO4K8LNQhvlgdhusQ:JI4Qjq
                                                                                                                                                                                                                        MD5:59F0D1D28AB7B0C92EB1CED71F6A9A7B
                                                                                                                                                                                                                        SHA1:C8BB37D29289AF452C3DFF9471AC1259A978F083
                                                                                                                                                                                                                        SHA-256:067D5608B289DDEB6857555C0EE227FDDAFC9C86FF36A70FF52ABE29305AD975
                                                                                                                                                                                                                        SHA-512:D4C7A911E95631414E4E900501C999AA8A19F3FC9F2DA92DF52441C52FC5D5C0959C2D0DFE1F6807151C6A828D3E2B4BEEDE5F5C88A7A1E7AA3CDAD2C26C1A72
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:..e.........." ..0.................. ...@....... ...................................`.................................|...O....@.................. (...`......D................................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H............8...........9................................................(i...*..{....*.0..Q.............(j...}.....(k...~@...r...p.(....o...+..sl...}.....sm...}......~@....o.....*.........,..D.......0..;.............(j...}.....(k...~@...r...p.(....o...+...~@....o.....*.......,..........~....*..0..........~@...rY..p~....o......o...+...s....%.o....%.o....%.o....Q..,..P..o.....Po....,..(....Q..Q+...Q..Po....Q.P.Pon......Ps1......~@....o......*..........`|........*..0..........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Data.Tools.Sql.BatchParser.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):42416
                                                                                                                                                                                                                        Entropy (8bit):6.202671104098941
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Vj1PqId9a5DhkNajFvP+0ghYjLsyji9zTC:V45WevDjLsyj+zG
                                                                                                                                                                                                                        MD5:A12109A8AE7741AEAA497EA8CF9E9E31
                                                                                                                                                                                                                        SHA1:0416B1FB24F041552861ACC4DFB4E39C280D86AB
                                                                                                                                                                                                                        SHA-256:BD5ABD1C28E35D78468AE873060F5149A511E645991D4D67EBB5E5858650666B
                                                                                                                                                                                                                        SHA-512:1704F31F25707AC8E8FCC5BA0C73D1FB8803F419D6D515B66675F9A1CDFE7CA75E1402D276A25A143D518D6442B68BF3A7308F351EB1BB5A29548B11294CDA24
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..r............... ........... ....................................`....................................O.......T............~...'..............8............................................ ............... ..H............text... q... ...r.................. ..`.rsrc...T............t..............@..@.reloc...............|..............@..B........................H........H..DC..........(...h.............................................(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..J.........{...........o}......{....,&.{........oQ......(w....{....X.Yo......-..*.*Z.{....,..{......o....*V.{....,..{.....o....*R.{....,..{....o....*.r...ps....z.r...ps....z.r...ps....z.r...ps....z"..}....*...(......}......o....}......o....}......o....}......o....}....*..{....*..{....*..{....*..{....*..{....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.Cab.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46664
                                                                                                                                                                                                                        Entropy (8bit):6.318752066830875
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:dn/wuPvpgpgQclyf571ZuxFA8NjADB9eiEHoN8YPYiRvDPAMxkEerA:dn/pw71ZujvjyB9eXHrY7NzxirA
                                                                                                                                                                                                                        MD5:60460B06515CBD4503AF20E93ADC426C
                                                                                                                                                                                                                        SHA1:DC2863BDA508AE9235DAF09B0463099EBEECADE9
                                                                                                                                                                                                                        SHA-256:113CBAB3D6CA2DA3496B5573C263299423143D99AD36687EF40EFAE4EB5B0860
                                                                                                                                                                                                                        SHA-512:12EA5A4D2B020E6FE88C4153FE66CA89C00FACAA2C335905DE92B2C5E9DA2AE9529524DE0451F52967FC1CECF3892E506F74F0C2136D4336756B5E322B8FDA49
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ..............................6.....`.................................S...O.......................H(..........,...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......lB...Y...........................................................(....*:.(......}....*n.{....-...s(...}.....{....*n.{....-...s9...}.....{....*..,4.{....,..{....oW.....}.....{....,..{....oW.....}......(....*..(.....(....o'....(.....(....o%....(.......o*...*6.(.....o:...*:.(......o;...*:.(......o<...*"..(....*..(....*..{....*..{....*.~....-2.....( ...o!...r...p("........( ...o#...s$........~....*......(....*......(....*......(....*b....(%.....}......}....*......(....*.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Deployment.Compression.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36424
                                                                                                                                                                                                                        Entropy (8bit):6.364889650194673
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:sk98d9keuz569GHF+NE1AOyYiRvWq4AMxkEC:upuz568l87P7NW9x2
                                                                                                                                                                                                                        MD5:614875A83F459661D55C23E4EB6A0FC0
                                                                                                                                                                                                                        SHA1:9CDBF7E884DC9DBD0F058132594E78C618075B86
                                                                                                                                                                                                                        SHA-256:6A5A7873CAF7A9E9FF7C0112C23D66A5402D43C5D9C723B30731A896BDF1E275
                                                                                                                                                                                                                        SHA-512:11E27107BD01D0E2C3A8548C2346EC174B31E3BDC5A83961980F694F863C08277609AB83836424AC5DC00AEF077A0CE3F79CAC919B3A6AB49C6AA463B957697C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....gm..........." ..0..\...........z... ........... ...............................6....`..................................z..O....................f..H(...........y..8............................................ ............... ..H............text....Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................z......H........7..`A...................y........................................(....*:.(......}....*&...(....*&...(....*&...(....*&...(....*..{....*..{....*..0..)........(.....o....(......(....,..(.....(......*..{....*...}......-..+..o....}......{....} ...*J.(....%-.&.*o....*..{....*V.{....-..(.....{....*V.{....-..(.....{....*V.{....-..(.....{....*V.{....-..(.....{....*..0..J........(!....-.r...ps"...z..(......(#...}......($...}..... ....}.....~%...}....*....(......}......}......}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Diagnostics.Tracing.EventSource.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):170288
                                                                                                                                                                                                                        Entropy (8bit):6.171233805851188
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:jCU4ZNKSYH1v3TcytgRMJscQlIK0LrO9f2BEeur:jSZJYVvozmR7r4nr
                                                                                                                                                                                                                        MD5:9D51E15F3F75BF9372EDDF3C0789FA0E
                                                                                                                                                                                                                        SHA1:B90CD2AFF0492E4118B7F66B817F12C10C714D17
                                                                                                                                                                                                                        SHA-256:A20F6D6C0DAE7AC9C7C295B819D085BDFC7CFAB123E8FC4CA4DDFD0A88701D04
                                                                                                                                                                                                                        SHA-512:2F5E0553A85BA199C3C804593A5E8444CDBBA1F8E1EBD9F105148E368193CEC67A70812CD5024843FA14DB2091A210B77AD43BA503F33D1E85511AB4C78F771B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.^V...........!.....P...........n... ........... ....................................`.................................dn..W.......X............Z..0?..........,m............................................... ............... ..H............text....N... ...P.................. ..`.rsrc...X............R..............@..@.reloc...............X..............@..B.................n......H.......<3...9..........x....0..P ...................................... Y.....?.#......7...N..hP..6....\.R....F..{x......Lg-..G-lV)..g|..Z...A.6.j.q.}.o....,R..M.....L.3...>= #D.a.y&...d...T..`.0..{........{....-2.{....,.*..}....~^.... ....jo....,..(.....{....-.*.{....o.........(.....~^.....o....,..r...p.o.....r...p.(....o.....,d.{.....d21..~...........~..........o....,..rO..pre..po....*..._-#...(......,.......(.....{....o......-......(......+..|....(........(#........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):30848
                                                                                                                                                                                                                        Entropy (8bit):6.457901257027944
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:0fdnD5UZiM3V9DtUdmHhO1o/9kTG/DHzzRjz6NMnSjm//MoWs6NWs8iXvHRN7AQx:snD5Uh3V9JUdGh4oNjsJn8ofdn6K9zB1
                                                                                                                                                                                                                        MD5:AEDD72E5081B78E4915234A46B9A6282
                                                                                                                                                                                                                        SHA1:17A7352924C82A4F32A5702276488EA4E162061F
                                                                                                                                                                                                                        SHA-256:4B80B254466D86F4D34A9F115B648371841E1BA38B0FDCB921A97321FC83FD77
                                                                                                                                                                                                                        SHA-512:72328957EE42D93BB16EB08F73FAA6B5C4F0BAC5E8142970D525CFC33D475F881D91D8A68004030433C170735142BA5366DCF0284135DA675795889BB1023028
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...nH............" ..0..D...........c... ........... ....................................`..................................c..O....................P...(...........b..T............................................ ............... ..H............text....C... ...D.................. ..`.rsrc................F..............@..@.reloc...............N..............@..B.................c......H........)...4...........^..X....b........................................( ...*..( ...*^.( ......2...%...}....*:.( .....}....*:.( .....}....*:.( .....}....*:.( .....}....**.-..(....*..s!...z.~....*...0..........(....,..*..(.....o"......&...*...................0...........(.......(#...-..,..*.*.(....,.r...p......%...%...($...*..(%...*.(....,.r...p......%...%...%...($...*...(&...*.(....,!r...p......%...%...%...%...($...*....('...*..,&(....,..r...pr...p.($...((...*..()...*.*.(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.Binder.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46768
                                                                                                                                                                                                                        Entropy (8bit):6.308539879108505
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Ab4Mxwyaz0vWoCK3AG2l1VVS0goL/l5fhvsNL9zkn:AlfWoCK3W1G0gA5fhENhzM
                                                                                                                                                                                                                        MD5:FBB8F9085E565C7B620895CFF58C97A1
                                                                                                                                                                                                                        SHA1:73801190C39C6D4A9C08C9E53F8DEDA5B4EA669C
                                                                                                                                                                                                                        SHA-256:1F0390B8923E97809A652115B2C4E784BECD2765FD659F65BC1839E1D8531125
                                                                                                                                                                                                                        SHA-512:BB6A25BAAACB8E73D75BE7F233855FBE518CEEA8D452ADA1DE2FC684DD23AD3A674770CACA6819108888C2663E14ED847382944805DCE747C942844552E75BA7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-H..........." ..0.............J.... ........... ....................................`.....................................O........................(.............T............................................ ............... ..H............text...P.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................+.......H.......h<...X..........4...8...l.........................................(....*^.(.......;...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..( ...*.*.(....,.r..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Configuration.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):42616
                                                                                                                                                                                                                        Entropy (8bit):6.362175629513462
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:wXrvry8NKTIpSpAB2CxbjOn+s6QNGd6VofQXG2tC9zL:wXrvry8NKRAljS6QQdXf3zL
                                                                                                                                                                                                                        MD5:C7A5D4162FFB59288ACD50FDE970614E
                                                                                                                                                                                                                        SHA1:6340EC94970E0625B2E52D6785219421D56591DF
                                                                                                                                                                                                                        SHA-256:8B2C284484A14BC71AC83C101CE81878FE07446AE2D0E3967E31A4EEC66FF3C0
                                                                                                                                                                                                                        SHA-512:4061EA372D8D96D3A932CE128BC5A732D147327CF03ED8CC71DB3247ABF7990EAC44E335754054FAED845B364F48BF3E470ABB75E87206697410390C49FD0BD0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e............." ..0..t............... ........... ....................................`.................................-...O....................~..x(..........0...T............................................ ............... ..H............text....s... ...t.................. ..`.rsrc................v..............@..@.reloc...............|..............@..B................a.......H........9..@S...........................................................(....*^.(.......<...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o ......&...*...................0...........(.......(!...-..,..*.*.(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%...%...%...("...*....(%...*..,&(....,..r...pr...p.("...(&...*..('...*.*.(....,.r..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.DependencyInjection.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):48256
                                                                                                                                                                                                                        Entropy (8bit):6.234996524588368
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:AMWC5N7mKWPKz4VJ4e0jeuTGlBh0JzqPPxofk3l9z2I:Y67hCfV8j3TGlB+JsafkHzP
                                                                                                                                                                                                                        MD5:37EB7CCE6E282D3572D64C880E1AC3C8
                                                                                                                                                                                                                        SHA1:9A2952589A19D650932E7C633577EB9AFC04F959
                                                                                                                                                                                                                        SHA-256:039155F155C5D14F5B73F4EE2CD1FBD9290F391B88A1D2A0BA815569205EDB74
                                                                                                                                                                                                                        SHA-512:E3C2EF1CC52E3AA5BD77B74DEC93A4FC9E908DF823426F13CA304265D41605DE51970CC8C7E18C2E76319D3225707B2EA2D8613402A25C4FBD3951E70FCFD521
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....v..........." ..0.................. ........... ....................................`.....................................O........................(..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........=..da..........0.................................................(....*..(....*^.(.......>...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..( ...*.(....,.r...p......%...%...%...(....*...(!...*.(....,!r...p......%...%...%...%...(....*....("...*..,&(....,..r...pr...p.(....(#...*..($...*.*.(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.DependencyInjection.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):88192
                                                                                                                                                                                                                        Entropy (8bit):6.25584016939133
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:0kUuBN7CjSkp9oa++t1BVryVKXDORdDeCNia6Lj4Fu/qSGnJdo0Wzs:ju/t/VryVKXeDezVLj4F/JdWQ
                                                                                                                                                                                                                        MD5:4186A905DC180A0CC2110403727BD792
                                                                                                                                                                                                                        SHA1:E0563D20CA7E95688A60F4BFC1AB0127EAE1F651
                                                                                                                                                                                                                        SHA-256:40DCB80A87A762745D0A15294B5CA7783A9EAD1D93AD352D25B5EDAF4994651E
                                                                                                                                                                                                                        SHA-512:1C3459232B41C531F01BCCE54E46799F2FB3FCD6C87D7F908C633ABCC718D9726D98E65F964B1A870D416A38F545971779054FE65F7C1299905FC7DC24FA2DEC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..&..........>E... ...`....... ....................................`..................................D..O....`...............0...(...........C..T............................................ ............... ..H............text...D%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B.................E......H........l..@...........02..0...`C........................................(....*..(....*^.(.......k...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o ......&...*...................0...........(.......(!...-..,..*.*.(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%...%...%...("...*....(%...*..,&(....,..r...pr...p.("...(&...*..('...*.*.(....,.r...p......%...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Http.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):70784
                                                                                                                                                                                                                        Entropy (8bit):6.196223071822515
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:1ceneAiEa6CQBzakOBWqMibdyuCZKR58Oo0MAzD:1ceneAi1e+BWqMbuIQOODv
                                                                                                                                                                                                                        MD5:3991881E8021C76DC84D45C1AF5DC839
                                                                                                                                                                                                                        SHA1:09CCC01EE7F63A2060F2E4367640A2F1381F51AB
                                                                                                                                                                                                                        SHA-256:780624DBA719B1CFF502212EE1E2552760595981204815D2546E0C1AFCA1D170
                                                                                                                                                                                                                        SHA-512:B017750F20A240B4D1B4AF31A27448F8BCE461D3832234747A14C124D94FD1774CD7ECE715ACD5DB700F05B10D00585884A40CED60AE7F861FE902229D2AD2D6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...NK9..........." ..0.............v.... ........... .......................@....... ....`.................................#...O....... ................(... ......8...T............................................ ............... ..H............text...|.... ...................... ..`.rsrc... ...........................@..@.reloc....... ......................@..B................W.......H.......lT..............p...H.............................................(....*..(....*^.(.......]...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......( ...-..,..*.*.(....,.r...p......%...%...(!...*..("...*.(....,.r...p......%...%...%...(!...*...(#...*.(....,!r...p......%...%...%...%...(!...*....($...*..,&(....,..r...pr...p.(!...(%...*..(&...*.*.(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66168
                                                                                                                                                                                                                        Entropy (8bit):6.244232305822381
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:bJSQpn6Ge9qAeIbNGgc+EnOZV2k8tDbBJKrwMuwZ5Xsel7Zuo7zZBTJRBttY4h0G:bbyqwNGgTtHXnZhttgOVeLfVjzSt
                                                                                                                                                                                                                        MD5:1A5BFF28FB38234646951AA48DA14620
                                                                                                                                                                                                                        SHA1:476E699A9AD01E6A455783497F57A9322D657F63
                                                                                                                                                                                                                        SHA-256:5BBE7C1D06585CAB5482B50B87A0DF3476A7617C5D849A75D6D91E013F2BC877
                                                                                                                                                                                                                        SHA-512:88CE7AC8F61DEB8D99AEFA6AFBE11EDD033D0274D1F69B51F2C099ABD99BFEAC66B6252E9F7B5BF52FFCC983618BF11590EF27B387CF61C22DF16DA70717FBC8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."Y#..........." ..0.............B.... ........... .......................@............`.....................................O.......................x(... ..........T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................#.......H.......|P..(...................d.........................................("...*..("...*..("...*^.("......G...%...}....*:.(".....}....*:.(".....}....*:.(".....}....*:.(".....}....**.-..(....*..s#...z.~....*...0..........(....,..*..(.....o$......&...*...................0...........(.......(%...-..,..*.*.(....,.r...p......%...%...(&...*..('...*.(....,.r...p......%...%...%...(&...*...((...*.(....,!r...p......%...%...%...%...(&...*....()...*..,&(....,..r...pr...p.(&...(*...*..(+.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.Configuration.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31864
                                                                                                                                                                                                                        Entropy (8bit):6.405489472577025
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:wXpuYhU1PKBj42FjvfsIeU7LloftZ49zU:YpaoHj3suufwzU
                                                                                                                                                                                                                        MD5:D89D262A610F50D8929DD38F28A90A4E
                                                                                                                                                                                                                        SHA1:B482ADD4CCE66BC9883791CE8558FA732FB1A83E
                                                                                                                                                                                                                        SHA-256:D2E1659F9CA15C4E4ADA909D5C556CCFA0F6EE0F2FEDB8DB2332FAD1D630F7E9
                                                                                                                                                                                                                        SHA-512:A29636BD773A8DD4790DADF3A48962DE29E27D606E71DF0D9D9ECDD4A3DE9CF50281E7C8243B43AF910E74EC4489894BDA4CEA297C6A54C4C0D83356C3ECF492
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....~..........." ..0..J..........*h... ........... ..............................Pc....`..................................g..O.......L............T..x(...........f..T............................................ ............... ..H............text...0H... ...J.................. ..`.rsrc...L............L..............@..@.reloc...............R..............@..B.................h......H........(..P:...........c..H...Hf........................................(....*^.(.......1...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Logging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):49792
                                                                                                                                                                                                                        Entropy (8bit):6.367397866322056
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:UwqdTsmcSrZz2tWWqLXu5h/sfxwuo0N1pOQ69zNc:Uwqu7qSZsfDo0sze
                                                                                                                                                                                                                        MD5:ACC186364F11860FF6F3F9E3C1A7CA9A
                                                                                                                                                                                                                        SHA1:017F1C5C5D683CDF740E7666A198841069D5EAA8
                                                                                                                                                                                                                        SHA-256:A8E30FF3D55DD697B149529E981A56705E1CC675E338DAF09D16987F84B46354
                                                                                                                                                                                                                        SHA-512:7D47B589AF06E7215FF21BCEA1F6AF35AA6FF0D59AABBF77CBE8DACF7686F9DD82AADE02EF398AE4CFFACC59FF0BC5E27179A99809CFD350976F37E4E5BFD5B6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ..............................|.....`.................................9...O.......(................(..........H...T............................................ ............... ..H............text........ ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B................m.......H........?...j...........................................................("...*..("...*^.("......Q...%...}....*:.(".....}....*:.(".....}....*:.(".....}....*:.(".....}....**.-..(....*..s#...z.~....*...0..........(....,..*..(.....o$......&...*...................0...........(.......(%...-..,..*.*.(....,.r...p......%...%...(&...*..('...*.(....,.r...p......%...%...%...(&...*...((...*.(....,!r...p......%...%...%...%...(&...*....()...*..,&(....,..r...pr...p.(&...(*...*..(+...*.*.(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.ObjectPool.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25352
                                                                                                                                                                                                                        Entropy (8bit):6.507177539992328
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:3SvZrQrgFOADPcdpr0Wc32QW0NvTb2HRN7QVEnR9zVHpXW:3EugcwUdpWNv/iaER9zVJXW
                                                                                                                                                                                                                        MD5:3E1A7A9976DDE8020A6BB3F6F1A27600
                                                                                                                                                                                                                        SHA1:DC6E70E86FCF5EFA28C93D05B6CC77579BC15C02
                                                                                                                                                                                                                        SHA-256:4EB25A717DED583DBF26069D1EBC5A101CBB0060F3935F26447216CBBA53FA28
                                                                                                                                                                                                                        SHA-512:AC659CA2E0C2C6E5C8A2C12D15E5EAA8D0A252EEDC5DEB5B2BE605C3AA15A8CD2711B9B7C295EFE3D82F9DAE722D11621C9BD31D7765CC85DD5A7FF51124AF8B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........." ..0..0..........:N... ...`....... ..............................>.....`..................................M..O....`...............:...)...........L..T............................................ ............... ..H............text...@.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................N......H........'...$..................pL........................................(....*^.(....... ...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(.......!...%...}....*:.(......}....*..{....*z.(......}.......!...%...}....*V.(......}......}....*..{....*..{....*>..(.....Z(....*....0..V..........}.....(......{....%-.&r...ps....z}......{....u...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Options.ConfigurationExtensions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27776
                                                                                                                                                                                                                        Entropy (8bit):6.500318527078949
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:xe+hKWO1bl010D1y4nC03ndaX2PhRX03x+nT4T6xtYzWzK0WsX/WyRIHRN7NaOQy:xe+hx+bBnngX2TfTydWXuo0NaOQ69zb
                                                                                                                                                                                                                        MD5:E08BB2B44A41B9E013F47EB28AE3C7A0
                                                                                                                                                                                                                        SHA1:248EF5275D39CAD9E971E08EDC0C03B2AF31B9CB
                                                                                                                                                                                                                        SHA-256:7A8643E7B00981F3A44C3176B8C0F1AF9B9593F7473A903D3961802D74A807F3
                                                                                                                                                                                                                        SHA-512:A58FEDB07B92C176FDEE16CF2E60DD94D9BEECD62CECED728C33BD47335141DA028C8176A1B7BC603ED70E3CAEAFBD8B0F7E180A17785D01D35D911AE1578EAB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:............" ..0..:.........."Y... ...`....... ..............................Y)....`..................................X..O....`...............D...(...........W..T............................................ ............... ..H............text...(9... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B.................Y......H........%..D1..................,W........................................(....*^.(.......&...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z:.(......}....*..{....*:.(......}....*..{....*..{....*"..}....*V.(......}......}....*..{....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.(......}....*..{....*..{ ...*"..} ...*..(....*..(....*..(....*..(....*:.(......}!...*..{!...*:.(......}"...*..{"...*:.(......}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Options.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64144
                                                                                                                                                                                                                        Entropy (8bit):6.29322148892306
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:vONSDQiLnQy3PA7A6duKBn1QClL+otQmp2q4gFHn91nHsyH7OvFwuo0Ob50Zi9zm:WmQI0U6ri0+orpeu9ayHYFZo08zuL
                                                                                                                                                                                                                        MD5:A78597736475E3143B4FC6EF49F9DD97
                                                                                                                                                                                                                        SHA1:4A20DDE58F07C09633374566E092B77A2429449B
                                                                                                                                                                                                                        SHA-256:C74798FBD888AA5CD7589AB6CDB924E7BD69A03090DD193E9EF950050403919F
                                                                                                                                                                                                                        SHA-512:065564A3094C8EF28B218AA003512B3BA8F8C1FA8AC3AA9AA0F0794904E26AE923834C4EB546372D9BB58C461290545856B664EFC4385D8CA6F1592C62523404
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n............" ..0.................. ........... .......................@......;f....`.................................-...O.......H................(... ......<...T............................................ ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc....... ......................@..B................a.......H........G..............$.................................................( ...*^.( ......>...%...}....*:.( .....}....*:.( .....}....*:.( .....}....*:.( .....}....**.-..(....*..s!...z.~....*...0..........(....,..*..(.....o"......&...*...................0...........(.......(#...-..,..*.*.(....,.r...p......%...%...($...*..(%...*.(....,.r...p......%...%...%...($...*...(&...*.(....,!r...p......%...%...%...%...($...*....('...*..,&(....,..r...pr...p.($...((...*..()...*.*.(....,.r..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Extensions.Primitives.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):47232
                                                                                                                                                                                                                        Entropy (8bit):6.290612031588469
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:5vwI/tRiB1tAMH0BdaNg0CAAQ59414DCtOPOXmWwjjcKMuiIKfuUIwIuo0hyJm9I:thlRiBRE8b7CtOPRjjjBMuiIKfZIqo0E
                                                                                                                                                                                                                        MD5:72DB6FF0A92724CB156A6E8FBC559AE6
                                                                                                                                                                                                                        SHA1:C50DE610D1DB4E2A83F21D6F2F23DCFC2B6C9C22
                                                                                                                                                                                                                        SHA-256:DC997827664EE67DA9D93C08E012F4F77AFB166236B06C8371D9379F7CFD4215
                                                                                                                                                                                                                        SHA-512:BD963BC3B33840EF7E2450AE4B41BFC6302EF356BAC50E69CF1D3C9323508CFD30B8C3FF5754AC9D2C8B86677530C5440F88EBB6B954A498D0EBEA741EDAA824
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'............." ..0.................. ........... ....................................`.................................K...O.......l................(..........T...T............................................ ............... ..H............text........ ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B........................H....... A...Z...........................................................()...*..()...*..()...*^.()......B...%...}....*:.().....}....*:.().....}....*:.().....}....*:.().....}....*.~....*..0..........(....,..*..(.....o*......&...*...................0...........(.......(+...-..,..*.*.(....,.r...p......%...%...(,...*..(-...*.(....,.r...p......%...%...%...(,...*...(....*.(....,!r...p......%...%...%...%...(,...*....(/...*..,&(....,..r...pr...p.(,...(0...*..(1...*.*.(....,.r...p..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Identity.Client.Extensions.Msal.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66560
                                                                                                                                                                                                                        Entropy (8bit):5.951883963164671
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:okLYusxQROwTQFvshP9CyviJFTgbOsX0SXVuBEUOhSG7w3Aza8049zOW/:cusTxvwPMJlgbeA/U6SG7w3WapwzOa
                                                                                                                                                                                                                        MD5:3D9F150FF942BE6EF02EEB79F8BDC073
                                                                                                                                                                                                                        SHA1:533224CF44ED70A3223FA49417B0DB4040D75F3C
                                                                                                                                                                                                                        SHA-256:8ED77B9F04ACA47726DDEC9C5A5CFE8342143988212429303C5DEBC4062EBBB4
                                                                                                                                                                                                                        SHA-512:8DCA60054F9FAE3C6DAFF918AAA8858DD3CE653BC27D381469289D7D29D576E5303C667D46EA46D50DE53B0A387CAEE77B0D3467401F634AAB49CE7E0FAC41F3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@......M.....`.....................................O........................(... ..........T............................................ ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H....... Q......................8.........................................(....*:.(......}....*..(....*...r...p..(....(....(......}....*...r...p..(....(.....(......}....*..{....*rr=..p.o.....(.....D...(....*.rY..p.(.........~....r...p(.........~....r...p(.........*r..(.....F...( ...(!....F...*..(".....}......}......}.......}....*..{....*..{....*..{....*..{....*...E...%..(#....%.r...p.%..(!....%.r6..p.%..("....%.rN..p.(#...*..0..).......rR..p.(.........~....r...p(.........~...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Identity.Client.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1654384
                                                                                                                                                                                                                        Entropy (8bit):5.824635320712755
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:gANL3XPmxcWqQRJk0HPnpKSBz4RaBinQj7jsyGzaj6Fvg:5NL3/m/1v40BinQj7jxdl
                                                                                                                                                                                                                        MD5:7389C5121C19176155DB4317C3443775
                                                                                                                                                                                                                        SHA1:3ED6053ACB8904CF9087EB5D11066DDD7C181814
                                                                                                                                                                                                                        SHA-256:C12ECBFF7F5A5F4712F273CF9E8DE41C86FFFA86C9442598AA22E6973337762F
                                                                                                                                                                                                                        SHA-512:7A05862E37B217F19D44E5273B55DED40568FAD4A6DFC878FA89E951669C67F526DCD63937F9BAF97D8D02D44846058FC48DD74CAA35B925B2FCCF6D91ABA391
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1............" ..0..............$... ...@....... ..............................>.....`.................................H$..O....@..h...............p(...`......\#..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B................|$......H.......h,..$...............P...."........................................(....*..(....*^.(.......}...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*...0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{w....3...{v......(....,...{v...*..{x.......-..*...0...........-.r...ps....z.o......-.~....*.~

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20000
                                                                                                                                                                                                                        Entropy (8bit):6.557995446147727
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:CjwSPsN2OlyQ1VEyPzWdkoW6LHRN7kR9zoqwkf+a:ybEl7bxULI9z/7
                                                                                                                                                                                                                        MD5:7A91AECAAE8F83B59F98C75E96C77932
                                                                                                                                                                                                                        SHA1:A1A474582934C6D87360418532415490D081D97F
                                                                                                                                                                                                                        SHA-256:D2DF4A4F1D6D74BCCAD8F7AEB5B3FD5BC299E4E4D5B14F5BB40A6E4D418231B9
                                                                                                                                                                                                                        SHA-512:3C4425D45526040E36657EEC6AF164DD81F8EC7B33AA6E9F94C306958453BD5857BB50BBFA334BC32BAD9CFE6CAFC0E703F1E3BA6869669917D5CDBBA4626821
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8............." ..0.............B:... ...@....... ...............................T....`..................................9..O....@..h............&.. (...`.......8..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`.......$..............@..B................#:......H........!......................t8........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*.~....*..(....*..*.*.s.........*..{....*"..}....*.~....*..(....*..*..*.*.*.*.s.........*..{....*..{....*"..}....*2.(%...t....*&...(/...*:........(/...*:........(/...*:........(/...*:........(/...*:........(/...*r.-.r...ps....z.(%.....o....*J.s....}.....(....*.BSJB........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Clients.ActiveDirectory.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1081728
                                                                                                                                                                                                                        Entropy (8bit):5.855650173418682
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:u3FbPhk4NtPN7KcbqiAg94QsMPVLXtY7l00qoBaj4ar80ctPH:Mkan7KcbqiAx4Zyl00qoBaj4H
                                                                                                                                                                                                                        MD5:E2164AEE6391EE0633BC1118BDA26CBF
                                                                                                                                                                                                                        SHA1:9E47F7C8EDED6AF776DC9B9334E41F6A3C5886F5
                                                                                                                                                                                                                        SHA-256:99B4CA3049FBB0FFF1456C3D89BC01FE04BBD8DDEB221D13B8F749195F01FD81
                                                                                                                                                                                                                        SHA-512:90FB855942BFCC017A3637FBEAD63CC66E1EC218C6EA73454595ABA5FE5C9E3A8B59F7F6C51E0313855FE44E560C4FA6E5E191B3CC618C607555389ADB222831
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..N..........ji... ........... ..............................d.....`..................................i..O....................Z...'..........Dh..8............................................ ............... ..H............text...8L... ...N.................. ..`.rsrc................P..............@..@.reloc...............X..............@..B................Ki......H.......@...4X..........ta..P....g........................................(....*..(....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{)....3...{(......(....,...{(...*..{*.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..o....aX...X...o....2.....cY.....cY....cY..{......{...._..+%.{)....3..{(....o....,..{(...*.{*.....-....(....*.0..H.........{.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.JsonWebTokens.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):123936
                                                                                                                                                                                                                        Entropy (8bit):5.799380911293696
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:BLthCiVh+QDdvXo+rlYfDphX1/khN9XNEgfpXaXr0iMJgBGILkDzVZl0+88niFFc:9thCiVh+wA/knammI
                                                                                                                                                                                                                        MD5:E26BBD97552B55A609B96BD9D2217432
                                                                                                                                                                                                                        SHA1:ADDDE6F4EB4D52FA2B48D88D57FAABAAA8598160
                                                                                                                                                                                                                        SHA-256:176A6A99FA385583A0044DC4C2307DF333DE2BC0096474EC631EFBEFEDBDEBF6
                                                                                                                                                                                                                        SHA-512:4711919970F419AE0D14A4AB9E13DFDAEA0B5BF4D9F4AB4DAC83E3E46CCEA4D16E6CFDB1A861A4537C68B5DACD326F1153B3299BE9E598C798FA7FFCB94501D7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....cc..........." ..0.................. ........... ....................... ......._....`.................................A...O....................... (..........D...T............................................ ............... ..H............text...8.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................u.......H...........(4............................................................(#...*:.(#.....}....*..0..........s$...%r...pr...po%...%r...pr...po%...%r ..pr,..po%...%r...pr...po%...%rG..prU..po%...%r...pr...po%...%re..prs..po%...%r...prs..po%...%r...pr...po%...%r...pr...po%...%r ..pr(..po%...%r...pr...po%...%r...pr...po%...%r...pr...po%...%r...pr...po%...%rr..pr...po%...%r...pr...po%...%rN..prd..po%...%r...pr...po%...%r...pr...po%...%r...pr...po%...%r~..pr...po%...%r...pr1..po%..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Logging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):38944
                                                                                                                                                                                                                        Entropy (8bit):6.2684578055296765
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:uYCu44LF0bK23C8HazUtb+KjwhAfgLY9zVmlV:uo4O0bbHtI+kGgLQzVmz
                                                                                                                                                                                                                        MD5:12C2C3A5ED392D720D548BD580A349C5
                                                                                                                                                                                                                        SHA1:C3632757A6E40B9B85B9E809D39A42FEBEDCFCDC
                                                                                                                                                                                                                        SHA-256:262AA7257CB874A8CABF96B5A6D18B4A217F5C9D2A841CD1A7D9ED1724E59DDB
                                                                                                                                                                                                                        SHA-512:D4E1323438A89B7D9FA290593EB911330E1CC02B026B8E71456961F731193022E513BA028D567BFC113E1B0A38E5E8F0A3BA4276C072412276B443B2649DB051
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....h..........." ..0..f............... ........... ....................................`.................................-...O....................p.. (..........<...T............................................ ............... ..H............text....d... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B................a.......H........2...P............................................................(....*:.(......}....*:.(......}....*..{....*..{....*"..}....*V.(......}......}....*..{....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.(......}....*..{....*.0..Y...................r...p.....r...p. .....!...r...p."...r...p.#...r...p.$...r*..p.%...s.........*:.(......(....*.~....*.~....*.......*.~....*.......*.~....*.~ ...*.~!...*...!...*~.(....,...(...+(/........(....*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):119840
                                                                                                                                                                                                                        Entropy (8bit):5.682927592778567
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:w1OD9UdiYkMwHmevzLh1ObHRbIO1jAUbAXelzX8pc4CiRw9ELdzK:iOukMOmeJ1ObRH1WXkX8pc4OEx
                                                                                                                                                                                                                        MD5:459926631925FD244FB9509BAC523C3B
                                                                                                                                                                                                                        SHA1:DD54B28BB36B3D6C1DDE53DE22129AF2D9E20E0E
                                                                                                                                                                                                                        SHA-256:92CA744CE36E06E8C0B9A3F32AB76509AAD31BCFE374574108174BDCA7BEAC76
                                                                                                                                                                                                                        SHA-512:F676B6CACD619CB5078E7E8E344D91F4D68DB7F9A664CAF6F4ACE1DF3EC8C9F5EB86A9761C8770496940EADEDA2EEDD36C0E7827300CD6939A479554FEA71BDB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...27..........." ..0................. ........... ....................... ............`.................................u...O....................... (..........d...T............................................ ............... ..H............text... .... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........g...O...........................................................(....*:.(......}....*..(....,.r...p(....z.(....,.r...p......%...( ....s....*..-.r...p(....z.(....,.r...p(...+( ....(....*J.s"...}2....(#...*...0...........s"...}2....(#....(....,.r...p(....z..(....,!rC..p......%...%.r...p($....( .....(....&...rJ..p......%...%.r...p($....(%....s&...('...z*.......%.3X........{....%-!&.|....((...s)....(...+%-.&.{....*..{....%-.&.|....s+....(...+%-.&.{....*..{....*"..}....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Protocols.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):40496
                                                                                                                                                                                                                        Entropy (8bit):6.188631036077028
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:4fnpkdlnbUkPXj4dae0Uimsq/Nza+I1R9zZEr:GmTU8XswdPXq/la+0z6r
                                                                                                                                                                                                                        MD5:869578E61196A41E5383C1CD9D7C02B2
                                                                                                                                                                                                                        SHA1:0D2EC41E7346C1A4AC622A358D3BC807211199FA
                                                                                                                                                                                                                        SHA-256:5D1C2A30D99D15E3B0FA783846B637A174C71F9A4BEEC2D4DD62701668BB8EBB
                                                                                                                                                                                                                        SHA-512:66A465890157845D6E216EB2F7581FD43384957CA55B891F9F5E5481C54E7D472088B4059449E59B9124F39E2616333DA5D14BFBA52E3DAD69AEDD80D8257F68
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."............." ..0..l..........f.... ........... ....................................`.....................................O.......P............v..0(..............T............................................ ............... ..H............text...lk... ...l.................. ..`.rsrc...P............n..............@..@.reloc...............t..............@..B................E.......H........8...P............................................................(....*:.(......}....*..0..I........r...p}.....r...p}.....r...p}.....r...p}.....s....}.....~....}.....(....*....0..;.......s......rP..po....&..(....(....o....&.rx..po....&..(....(....o....&.r...po....&.{....o.....+R..( .....r...po....&...(!...(....o....&.r?..po....&...("...(....o....&.rS..po....&..(#...-...........o$.....r]..po....&..(....(....o....&.ry..po....&..(....(....o....&.r...po....&.r...po....&.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.IdentityModel.Tokens.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):285728
                                                                                                                                                                                                                        Entropy (8bit):5.731624873167541
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:kpSCnnOayqKG8e8k4qahbqt/wjoqFnX1PuEWD574:kkCnVy9Gf
                                                                                                                                                                                                                        MD5:99375FEDF193484344E647ED73024B4A
                                                                                                                                                                                                                        SHA1:E4F5EBF3F3222F5A93F430D2FD85B4E1B1C73237
                                                                                                                                                                                                                        SHA-256:52E734B9FFA2ACC2CD25684EE815ECD398F1FB0D1FC3F26B58AE5D5C522B5F41
                                                                                                                                                                                                                        SHA-512:46D5EDA432E1A0AD5EF6BC7DCC56C0CE76395353C5F472020FA535A9828E18E86D6443D530773BBEB2F93E79CF0B54F4AADE55CB36F01E3F845F6CDAF8BB2E46
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i..........." ..0..*...........G... ...`....... ...................................`.................................3G..O....`...............4.. (..........DF..T............................................ ............... ..H............text...`)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B................gG......H........7.......................E........................................(-...*:.(-.....}....*......(....*..0...........~....%-.&.......s....%.....}.....~....%-.&... ...s....%.....}.....~....%-.&...*...s....%.....}.....~....%-.&.......s....%.....}.....~....%-.&.../...s....%.....}.....(......("....u`.....,....(%...*.u......,......(&...*.uK.....,x...(p...9.....u`.......,.....(%...*.u........,.......(&...*.u........,....(#...*r...p......%..(/....%...(0...s1...(2...z.u........,.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Rest.ClientRuntime.Azure.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):98168
                                                                                                                                                                                                                        Entropy (8bit):6.114949562352197
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:D/b2qU/bUWxe7OkV74yBYG9prrW7Wl8kAjn/3kxBtn:D/bQ2kyBt9pfWE8DMJ
                                                                                                                                                                                                                        MD5:A363F9824C1808052EA2B18E84A18CE2
                                                                                                                                                                                                                        SHA1:CD44211AEB0F768D1DD64B466D2C6FE45437A218
                                                                                                                                                                                                                        SHA-256:08C4FAFACC2498AAD72FC65DD75808CA36D6D19A48D47EB275446EC5C92BCC91
                                                                                                                                                                                                                        SHA-512:F3A36F972AF49BD171911EE17DB9ED24A5217D993358A4AE71043A2CB205B1BEC806BD51F244C0A1A6BD97D56B2EC89EDD96D0667A1A3E01D658F997AA5F3917
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*............" ..0..R...........q... ........... ....................................`..................................p..O....................\..x#...........o..8............................................ ............... ..H............text....Q... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B.................p......H...........(............\......Po........................................(....*.0..2.......~....-%r...p.....(....(....o....s ..........~....*.~....*.......*V(....rq..p~....o!...*V(....r...p~....o!...*V(....r...p~....o!...*V(....r...p~....o!...*V(....rU..p~....o!...*V(....r...p~....o!...*V(....r...p~....o!...*V(....r~..p~....o!...*V(....r...p~....o!...*V(....r...p~....o!...*V(....r...p~....o!...*V(....r8..p~....o!...*V(....rz..p~....o!...*V(....r...p~....o!...*V(....r...p~...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Rest.ClientRuntime.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):85408
                                                                                                                                                                                                                        Entropy (8bit):6.191800874019152
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:eKQdFmvOcdJlO8E+Tm6K8RSGWp5318NJahgoer9A6Qzuj:ebFmvv346KNp53qv6eQ4
                                                                                                                                                                                                                        MD5:09688DA885C75D87C11D0C9638ED40D6
                                                                                                                                                                                                                        SHA1:5614F3CD37F391369BD134A706AA81144655983B
                                                                                                                                                                                                                        SHA-256:08E1D859E575AD7D66BCB9D8B6DEC07CC5A7B909145B07FC4A6703AEBCA33F23
                                                                                                                                                                                                                        SHA-512:1D68D657381BF6EF433883457E962D7391D2892BD4A39601E7150F2EF02C4FF665E4F6781A7EE5A538AB3111A45A32ADFC738C5525375273EF90640E55E7FD3A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............B;... ...@....... ..............................,b....`..................................:..O....@...............&...'...`.......9..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................!;......H.......8n...............*......p9........................................{....*"..}....*..{....*"..}....*...0..Y........-.r...ps%...z.o&...r...p('...((...r...p.(.....(....()...o*...o+...(,...s-...o.....(...+*..(....*..{....*"..}....*r.(.....-.r-..ps%...z..(....*..0...........-.rY..ps%...z.o0...~1...%-.&~2.....3...s4...%.1...(...+u....%-/((...(.....o6...o7.......(8...o7...()...s9...zo:....(....o;...&*....0.."........,..o<....o=......(>......(?...*.*f.,..o@...,..o@...oA...*.*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.ServiceBus.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):3749296
                                                                                                                                                                                                                        Entropy (8bit):6.013158244728302
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:/nmvlouNQWu8KPzVFG6FQd5ykLuAhU4peGlqEs3Ghhallch8adYVraO:6OZFGbvTs3Gellmrd4
                                                                                                                                                                                                                        MD5:6FB0E1F5403AA0145D9B1C220BB0C4E4
                                                                                                                                                                                                                        SHA1:3A37D782C26D50D922358EF6C31A92172D1303C0
                                                                                                                                                                                                                        SHA-256:E6DD3C6EEF764B3764034A750E8E575DB9ABD467923B90A1041938DE497AE1AD
                                                                                                                                                                                                                        SHA-512:FB760A98E46847EC0E6E95092EA2A40D8F2D528FC0733B31602E3BE0B5B885935ADC96FEC970D1ED48188CA1B294C57973B1F06C0DCA87F7A8A401E8FE4581E0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............" ..0...6..P........6.. ....6...... .......................`9.......:...`..................................6.O.....6..M............9..'...@9..... .6.8............................................ ............... ..H............text...<.6.. ....6................. ..`.rsrc....M....6..N....6.............@..@.reloc.......@9.......9.............@..B..................6.....H...........p.#..........a4. $....6.......................................(E...*..(E...*..(F...*..(F.....}......}......}.......}....*z.{.....{.....{.....{....s....*.*..(F...*...0..W........{G....{H....i2).{H....i.Z.......{H.....{G...(I.....}H....{H.....{G......X}G..........*..0...........{H.....{G....Y..}G.........*R.{H....{G....Y.....**.{G......*N.......}H....(F...*V.(F.....}......}....*..0..\........oJ.....}K.....{L.....}M....{N....{M...oO....{P....{Q...oR....{S....{T...oU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Assessment.Types.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20872
                                                                                                                                                                                                                        Entropy (8bit):6.451456877969591
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:aFnFcxMOuV/Pd4Icut0yGWD1+VWcyHRN7lv8VslGsNY0:c3zEdulvCV0
                                                                                                                                                                                                                        MD5:9767846DFA84659CD529F3516A440A44
                                                                                                                                                                                                                        SHA1:E7816B435A19B909A66EAEDE084C2852CA7C551F
                                                                                                                                                                                                                        SHA-256:269CD9B7C729959E4FF413147CF9B73B31FAA8B9A3EBF26C734156B23BDDB3D0
                                                                                                                                                                                                                        SHA-512:9D8A0EB76EF3BDA846F0660599B08E74ECC011920CA050C75A42C0DB9322E55B5497145AC24BD528D1C759CBC42ECB22981D60EF06DA92D55F24A293AD48CDC1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J6............" ..0..$...........C... ...`....... ...............................e....`..................................C..O....`...................#..........pB..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H.......h".......................A......................................J.(.....s....}....*N.(......s....}....*N.(......s....}....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*6.{.....o....*N.{......("...o....*F.{....o.........*2.{....o....*..{......(......(....("...s ...o!...*N.{......("...o"...*2.{....o#...*..{......(......(....("...s ...o$...*:.{......o%...*..{......(......(....("...s ...o&...*6.{.....o'...*6.{.....o(...*:.{......o)...*&...( ...*.0..m........(*...,.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Assessment.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1202064
                                                                                                                                                                                                                        Entropy (8bit):5.734015158811564
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:6DD4PO66KmqN2SPidCX5q2EzNic0SWQZwOFaCGAj:6gmqodCI50HQZXFaCGAj
                                                                                                                                                                                                                        MD5:49747531C7DD9B5C511A46290F9BD0B1
                                                                                                                                                                                                                        SHA1:E68ED2E4096FD93EEE114DE508DEEA10BF3A8CE4
                                                                                                                                                                                                                        SHA-256:CEDD56CFC00C40BBA7C41439FDAED2F5E6EEB4349D3D27F39212203CABF2E8FE
                                                                                                                                                                                                                        SHA-512:D65FABF10A589557722D434A5FC37E08D28BDA2CFA45C9DD4D254F0E4B877687EFAD3B70E38E1747DAC6DC83F07FC0FE7A503BCDDB7B80A97BD43DC239756910
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S.d..........." ..0..&...........E... ...`....... ....................................`.................................AE..O....`...............0...'..........dD..T............................................ ............... ..H............text....%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................uE......H.......4R..X............W..X....C........................................{O...*..{P...*V.(Q.....}O.....}P...*...0..A........u........4.,/(R....{O....{O...oS...,.(T....{P....{P...oU...*.*.*. .-.. )UU.Z(R....{O...oV...X )UU.Z(T....{P...oW...X*...0..b........r...p......%..{O......%qc....c...-.&.+...c...oX....%..{P......%q.........-.&.+.......oX....(Y...*>..s"...%.}a...*Z..sZ...%.}[...%.}\...*....0..E........(Q.....%-.&rO..ps]...z}......}.......}.......}.....r_..p.s^...}....*..{

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.ConnectionInfo.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):126392
                                                                                                                                                                                                                        Entropy (8bit):5.974134263155626
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ydKzIN7iv0YCfG4/6s+Ivr6pzSXGBf8Cw+g6pfnNWqDXLr+z:JIdrP/6eepzSXG9Pw+tN5XO
                                                                                                                                                                                                                        MD5:58F8601A7F1B08A85FA5C700C040890C
                                                                                                                                                                                                                        SHA1:241F154E0BA2DA22673E7F524CAF407226B80D70
                                                                                                                                                                                                                        SHA-256:A6739A0465E235639DD875BCBC16AEA5CDB3FFC21049580F5F0966C791297B13
                                                                                                                                                                                                                        SHA-512:7989E323B6F60262002AC906C49E7B98BD4206E55A3061E5E2CA381FD38D734E96A18D9CC3E9F09D17871AE13A0F68C61981F282F7CBDB2F08305A8B283A3E7C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....2..........." ..0.............f.... ........... ....................... ............`.....................................O.......D................'..........T...8............................................ ............... ..H............text...l.... ...................... ..`.rsrc...D...........................@..@.reloc..............................@..B................G.......H..........h1..........L.....................................................(,...(-....R........(,...(-....S...*>..s....%.}&...*..(....*"..(/...*&...(0...*&...(1...*..(....*"..(....*&...(....*&...(....*..(....*"..(....*&...(....*&...(....*..(....*"..(....*&...(....*&...(....*..(....*"..(....*&...(....*&...(....*..(....*"..(....*&...(....*&...(....*..(....*"..(....*&...(....*&...(....*..(....*"..(....*&...(....*&...(....*..(....*"..(....*&...(....*..(....*..(....*"..(....*&.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Dmf.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):63416
                                                                                                                                                                                                                        Entropy (8bit):5.84352530194245
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:9j7FCsjYHqjlSMC+pVXbRZyqNyKTFrnXRtijboARVFL5xHji9zW1j:p7FCsj5l8+pV1Y3q7B2VFLz+z
                                                                                                                                                                                                                        MD5:07B0B6B27A4E8773E81794A68797AAD6
                                                                                                                                                                                                                        SHA1:30785C5E490EC949719EB256BEFEDA5C1660E299
                                                                                                                                                                                                                        SHA-256:70036A0884BF64BD4110B02F7C504669A6EF30499F2E484C2FC5350D240DD63A
                                                                                                                                                                                                                        SHA-512:9DE8CDEB4C06B861D5809CAC3910B1C0797072D14F167680BB0711FA9DE36AD9FB81A817576D4709B33010C4DA3C734573D43589F887A7D892CEB1D113E7DAB6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... .......................@......\O....`.....................................O.......$................'... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...$...........................@..@.reloc....... ......................@..B........................H........N......................\.......................................6.(.....o....*:..(.....o....*>...(.....o....*&...(....*Z.o....r...p(....o....*.~....*N.o....r#..p.o.....*..*.0.......... ....s.......o....rC..po....u)...o....&.rm..po....&.rq..p.o....r...po....u)...o ...&.o....r...po!...,!.r...p.o....r...po....u)...o ...&.o....r#..po!...,!.r...p.o....r#..po....u)...o ...&.o....r...po!...9.....r...p.o....r...po....u)...o ...&..+V.o....r...p..("...(#...o!...,=.r=..po....&..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Dmf.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):305544
                                                                                                                                                                                                                        Entropy (8bit):5.843116925750861
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:G0Li90mUQz3XBjdGxvXozwpEwgLAJKym0ukbs/E9lESs:G0Li9VUQrBjdGxvXoXLAJKxbko/7Ss
                                                                                                                                                                                                                        MD5:A5F644DCBF3E5789665358B9073DB9D0
                                                                                                                                                                                                                        SHA1:2D822B8A04A637783DAAEA0B2DFB2A2DFA604134
                                                                                                                                                                                                                        SHA-256:9C9BE17C1245119966F01331A289D45FB5BD5EAAC08DA4AEF9D8519F53F4E654
                                                                                                                                                                                                                        SHA-512:9421FDD7B9394A919A8094E5CB453A64B5A976A8F14C65DF319135FD84744B407BA810C0D140EA54F44EB8873647EE86D6E4850ED96DAEDF66B6BC4AF84EDCAC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...18H..........." ..0..x............... ........... ....................................`.................................E...O........................'..............8............................................ ............... ..H............text...0v... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B................y.......H.......|....R..........,O...D............................................{....*.~....r...p......%........o?.....}....*..{....*.~....r?..p......%........o?.....}....*..{....*.~....rs..p......%........o?.....}....*..{....*.~....r...p......%...o?.....}....*..(@.....}......}......}......}....*Vr...pr...p(A........*..{....*..{....*..{....*..{....*....0..b........(@...~....r...poB...~..........%...%...%........oC.....}......}......}......}....~....r...poD...*...0..h........(@...~.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Assessment.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21432
                                                                                                                                                                                                                        Entropy (8bit):6.481279327444919
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:klQNbOz4g/+pWivcWcLHRN7EPkiR9zg9el:klQNOKGLEP99z
                                                                                                                                                                                                                        MD5:835CA7FC45992CACF40477BED3D96978
                                                                                                                                                                                                                        SHA1:D890F1902495BE076A76118C347097CD93D27B1B
                                                                                                                                                                                                                        SHA-256:719AD2ECD3DE4F2B6D7663E238152B4DB44D0B672AF132CD8259B8DE72061A8F
                                                                                                                                                                                                                        SHA-512:7EDEBF0C09F0E013FE477E6A2294FE638D6B9FC59E1410BF73635A939101525A7442FFC78B1A8AF59CA0A79F83EA1F528B86A8A97E82108CB9D74DD809737430
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6............" ..0.. ...........?... ...@....... ...............................w....`..................................>..O....@..t............,...'...`.......=..8............................................ ............... ..H............text........ ... .................. ..`.rsrc...t....@......."..............@..@.reloc.......`.......*..............@..B.................>......H........%..t...................l=.......................................0..\........-.r...ps....z.u......,...(....*.u......,...(....*.u......,...(....*.u......,...(....*(...+*.0..a........-.r...ps....z.u......,...(....*.u......,...(....*.u......,...(....*.u......,...(....*s....(...+*....0..a........-.r...ps....z.u......,...(....*.u......,...(....*.u......,...(....*.u......,...(....*s....(...+*n.-.r...ps....z..(....o....*n.-.r...ps....z..(....o....*n.-.r...ps....z..(....o....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Collector.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):121224
                                                                                                                                                                                                                        Entropy (8bit):5.32329010745663
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:FlUPKS9pa4VZMInoCJCgCFC6JsJuzLGJ+Mf9O7w800gB:FlUlCInoCJCgCFC6JsJKLGJdk7oD
                                                                                                                                                                                                                        MD5:3D122492BF7C2B14B361F311971E805C
                                                                                                                                                                                                                        SHA1:DB3F9A6C9934839A3C51C5DCA7A68AC5CF3C40C8
                                                                                                                                                                                                                        SHA-256:A9D61C7EDF20F937CB04104D066C84EE7B4ACEE91234CDC0F2FB1AB3B2FFA09B
                                                                                                                                                                                                                        SHA-512:C65263DD2105E1553DDBAA00D5E7B97630A2B90B849BAC18EEA91AB5FFA32C9FD96D312763E581D642AEB81D049D7B62B6D0690D4B208ED35B4CE64A9745E4C6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:..........." ..0.................. ........... ....................... .......J....`.................................@...O.......t................'..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...t...........................@..@.reloc..............................@..B................t.......H.......\z..|..............(............................................r...ps+...*..(,...*..{....*"..}....*.s$...*..s%...*..s+...*..s+...*.*.*Vr...p......%...(-...*VrO..p......%...(-...*Vr}..p......%...(....*nr...p......%...(/....(-...*Zr...p......%...(-....*~r...p......%...%........(-....*Vr...p......%...(-...*zr9..p......%...a....%...(-...*^rg..p..(/...(0...(1...*.r...p..(/...(0.........%...a....(-...*fr...p......%...%...(-...*..0..D.......r...pr...p.~7...%-.&~6.....8...s

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.CollectorEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):30088
                                                                                                                                                                                                                        Entropy (8bit):6.437866744288192
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:26Yt2VxKqW6UFKiNcBrn7SZ1OwZ9B/yrFQLofyCxd0+qUYTnZn3WmVsNFW7vjWi2:CI3i1b1LvU1X9zie
                                                                                                                                                                                                                        MD5:7C72DF26A9E3480D18BC73CD394EE174
                                                                                                                                                                                                                        SHA1:867A6378BA57282EF094CE72567F3F284A05B948
                                                                                                                                                                                                                        SHA-256:85BFEFC45F9AB524085A6EAF0514BC5E8597A7301F13C15D9AEAA59FE95FFAF3
                                                                                                                                                                                                                        SHA-512:13E00DE48877E3C0EE041149F7D9F993A0BA724C347F0A7E5415D98A6145B70083FFFD08435B7017312BFA588450A4E3474C511BF8D6759EA5E3E1B9B080B15C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=............" ..0..B..........ja... ........... ...............................h....`..................................a..O....................N...'..........P`..8............................................ ............... ..H............text...pA... ...B.................. ..`.rsrc................D..............@..@.reloc...............L..............@..B................La......H.......h ..@............+..(4..._.......................................(....*..(....*..(....*.BSJB............v4.0.30319......l.......#~..<...t...#Strings............#US.........#GUID.......|...#Blob...........W..........3............................................................................................T.................k.=.....=...P.=.....=.....=.....=...7.=...h.=...:.=...............i.=...".O...A...........................8...=.........u...M.....V.....V.0...P ..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.HadrData.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):54712
                                                                                                                                                                                                                        Entropy (8bit):6.225871985842007
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:KwFXepz6MZ4K1MUbQLE189R2SPksHxAZNk1WZuE/rqUA+I/LQI9z:9e96jBLS8HxAZNk1WIE/ql/LQAz
                                                                                                                                                                                                                        MD5:58212EFAC8ECC5A8DB91F91E71127EB6
                                                                                                                                                                                                                        SHA1:800813C23054314EE60DD94BE7F645B1088CB02C
                                                                                                                                                                                                                        SHA-256:84F342CF6DC8E05CB89C26A9DE32B658B583163DB0FB03D0D48BFAB21DBFA2CC
                                                                                                                                                                                                                        SHA-512:664C996312060F951E89E95DA41F21CB8867BA5C8F5E2104A1A5A2C3FE4C865BC1218A76AEA0CA9E506931D2CB5BBCB8803BD16AE9BF660431E3F04DE9A76B63
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,............." ..0.................. ........... ....................... .......F....`.................................~...O.......d................'..............8............................................ ............... ..H............text....... ...................... ..`.rsrc...d...........................@..@.reloc..............................@..B........................H........>..t~..........`.......@.........................................(......(......(......(......( .....(......(&.....(......("...*.0..W........(.....-.r...ps....z..s....(......(/....st...(.....s....(.....s....(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....~g...%-.&~f.........s....%.g...(...+*..(....~h...%-.&~f.........s...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.HadrModel.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):112056
                                                                                                                                                                                                                        Entropy (8bit):5.878421172715259
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:gEV/stLpW6VcJJzWH+y2NSbQs1ZC6xib81MxzXeKb:gEkDOJJFRICFAqT
                                                                                                                                                                                                                        MD5:3E81380786881897206FFAB1DB112B74
                                                                                                                                                                                                                        SHA1:A1EDBA4C0EA2BB3E2FA4B8BF2AD4B4908732AD5B
                                                                                                                                                                                                                        SHA-256:62C2E1491721727D9F67E21CC8D2B686F7F595FA7E281595E67CD3E641DF9760
                                                                                                                                                                                                                        SHA-512:58C7C84266E49FC29706B5C140893BF5B06727015A19F9B633295800E8053E86E551A171D017C66BEDA5D6A6A852E686118BA21407FC3495795B75C53F8EF819
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k)1..........." ..0.................. ........... ...............................i....`.....................................O.......t................'..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...t...........................@..@.reloc..............................@..B.......................H......................xY...F..x........................................0..p........(.....-.r...ps....z.o....o ...-.(V....o....o!...("...s#...z..o....o$...-.(l...s#...z.o%...-.(....s#...z..(....*..{....*"..}....*....0..........s&.....(....o'...,...(....s:...o(....(....o)...,...(....sJ...o(....(....o.....(....o*...(+...,...(....s....o(....(....o,...o-....+].o......o/...o0....3H..(.....s....o(.....(.....sX...o(.....(.....sZ...o(.....(.....sY...o(....o....-....,..o......*......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.RegisteredServers.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):76728
                                                                                                                                                                                                                        Entropy (8bit):6.012734797103957
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:LS9HqX9o63UV+y4U4cDZxt9QlLAIoHdwbdGBH766UiPpopdobb437jfWDXLRYk6l:+OjoSIdwZGBbQGJU7jfuX/7ggLoBz
                                                                                                                                                                                                                        MD5:CF1997EAA53A691B410E9DE8B49486E4
                                                                                                                                                                                                                        SHA1:FE1C6E6EBE835F6024537D4CAFD5D6100181EE0C
                                                                                                                                                                                                                        SHA-256:672B55A90C0C3EA83EC9E5307E34A8CB7BDDE4F8A42C8AAC9D25D20261C4A670
                                                                                                                                                                                                                        SHA-512:51591CCC3DE2D7B08522AEAFD6650AB5F7D69B3DD7C8BFCB4A49183D3FD58764834D4F2DCB4E9A18FC157F617F9CC9E8A4BDE5BB0C2670108907431683188D76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ... ....... .......................`.......k....`.....................................O.... ...................'...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........e..............,...(...T.........................................{'...*..{(...*V.().....}'.....}(...*...0..A........u........4.,/(*....{'....{'...o+...,.(,....{(....{(...o-...*.*.*. .Y. )UU.Z(*....{'...o....X )UU.Z(,....{(...o/...X*...0..b........r...p......%..{'......%q.........-.&.+.......o0....%..{(......%q.........-.&.+.......o0....(1...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..()...*..{....*"..}....*..{....*"..}....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.Sdk.Sfc.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):513456
                                                                                                                                                                                                                        Entropy (8bit):6.171195732283893
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:9R84F0wB27SAb3W0UXp2BVBk9h45Md/j8gmkY8hZ+JcmVfDUZOLmvpuUMSQBH5Ah:mwBvAbPBfkvwMd/jt5v+HD7jNH2Pp
                                                                                                                                                                                                                        MD5:D4F4EE4595141ACB4C54AE3F70831DCF
                                                                                                                                                                                                                        SHA1:8E8AF577A5899EB002E47907959B5DE9B53AAFC2
                                                                                                                                                                                                                        SHA-256:807F16769692E5102930584BDE9CCF7A93CB86C6D9F472926AEDE5BA0947F854
                                                                                                                                                                                                                        SHA-512:512CA65D4EEA42A4367F71B4B89DE849699E73F34B590849E74644E10A25A843644542E9CCBDA8D90F1E5566CB3BD1D28FC08DDE1C2F06879DCF5D9BAEE4AA4D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4i..........." ..0.............2.... ........... ....................... .......&....`.....................................O.......d................'..........$...8............................................ ............... ..H............text...X.... ...................... ..`.rsrc...d...........................@..@.reloc..............................@..B........................H.......`0..|i..............%............................................(D...*.0............(......,...(....*..0...........u....,...u....o....&*.u....,...u....o'...&*.u....,...u....o*...&*.u....,...u....o!...&*.u....,...u....o$...&*r...pr...p......%..oE...oF....(X...*...0..o.........(......u....,..u......Tr...pr...p......%...(X......7u"...%-.&.+.(_...........&r...pr...p......%...(X........*.........6O..6....~....*2.(....s@...*V.-.r...psG...z.s@...*...0..a.......s....%s....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.SqlParser.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8468360
                                                                                                                                                                                                                        Entropy (8bit):6.33478423441095
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:196608:aP7D7Q4XV4884O14u/4Ey4/c4vl4v740thyLf0XJ4m0aPZg1:av79hyLf0XnC
                                                                                                                                                                                                                        MD5:0430A32771B13146A7CD1B1F58D81C29
                                                                                                                                                                                                                        SHA1:3FF219BAFB45C2C68374EB8EE5BA8C3F27E94B00
                                                                                                                                                                                                                        SHA-256:6FDE454377F92D038FE9CC7448AE72EDD48FA6F3F956FBA7B9D436436E97B2E4
                                                                                                                                                                                                                        SHA-512:53180C1B3D35352B8DD068397566C4D40F28C67ABC8F0F64C40CBE5251B7654570A7F1782DD127D0440676A50F75D486BD7CEAF72E53D5631A94AD37B02CA82E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K._..........." ..0.................. ...@....... ..............................g.....`.....................................O....@...................'...`..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H.......L.$.0...........|.A...?.,........................................s....*.s....*.s....*.*.*.*.*.*..(....*.*..(....*.*.s....*.*..(....*.(....o....*"..(....*"..(....*..o....*..o....*..o....*"..o....*..o....*..o....*..o....*..o....*..o....*..o....*&...(....*6.r...p.(....*6.r-..p.(....*..(....*.(a?..*..(b?..*.rY..p(c?..*.r...p(c?..*.r...p(c?..*.r_..p(c?..*.r...p(c?..*.rE..p(c?..*.r...p(c?..*.r...p(c?..*.rW..p(c?..*.r...p(c?..*.r...p(c?..*.rE..p(c?..*.r...p(c?..*.r...p(c?..*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.SqlScriptPublish.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):146360
                                                                                                                                                                                                                        Entropy (8bit):5.583258192691773
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:rsvTQNMlthCec257m+uD0iVJXr55loE1sJv6Up+bb0:bOh3c2I+uD0iHcp+3
                                                                                                                                                                                                                        MD5:FFDDB576F16DA655404FE36DC82F35C8
                                                                                                                                                                                                                        SHA1:38E03D5C427B68DF2A8E3A76238281C8B4AA6300
                                                                                                                                                                                                                        SHA-256:F82DCE428B9C0FA2AD3666EDA57F14D0F1AC7BD313AC263BDCF629C01352A86C
                                                                                                                                                                                                                        SHA-512:E8A056CF278473EA3214DCE5188BD39C9D40E87C88EC26990ACB84C3F9B34E5868C73A23F27C41B9E7D482D62A6CDF7B30B26A1F3877A5D08C81E6F2197762C1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._V............" ..0.............z'... ...@....... ...............................P....`.................................&'..O....@...................'...`......X&..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................Z'......H........_...R..........8....s...%.......................................*.*.*Bs!........(3...*..(.....-.r...ps....z..}.....~....o....s....}....*....0..N........{....o....-5~....o.....+..o.......o....(0...&.o....-....,..o .....{....o!...*.......... 8.......0..g..........{.......o"...:P...s#....~.....o$........r...p........o%...(&...(.....-.........o%...(....s....z..(2...9.....{....o....s'...((...r?..p.{....o....()....o,...(*...s+......o1....o0...o,...o-...o.....+i.o/...t.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEvent.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):143800
                                                                                                                                                                                                                        Entropy (8bit):5.9969194452773324
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:gXzlVAKS5nDPLAiypx8nlIEgLJDSQxogGEvK3LiP9lXq4bGARlWV0z2dJKwL5J+6:gXcKS5DTdM80t3ogA3wnq6GCjz2dMwG
                                                                                                                                                                                                                        MD5:F3214EF383C66C1AF3BC1C877BCBC77F
                                                                                                                                                                                                                        SHA1:BAA08A9959DFE961A5822368AC8208BA7990B5F1
                                                                                                                                                                                                                        SHA-256:FCF837C594993B7B4C20E4A6461F703B8C66097C848584DE815F5299B8C7FBAB
                                                                                                                                                                                                                        SHA-512:6CE9CD56652AEA6AE15AE293629D8F2270AD0C1AADA9D66A8ED7807C5BCD915B243793510234FE5E967D7AA35333521596D3BAAC7E586B762FA6401AE5BCF5A5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%............." ..0.................. ... ....... .......................`.......(....`.................................J...O.... ..T................'...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...T.... ......................@..@.reloc.......@......................@..B................~.......H............................=............................................(*...*z...oI...oY...o[....o...+(....*..0..j........(*...(..........%.r...p.o............%.r...p.%...o...........%.r'..p.%...o......(......(.......,..o+....*..........@_.......0..........(..........%.r=..p.o............%.r'..p.%...o......(.............%.rY..p.o....(....sh...z.-........%.r...p.o....r'..ps,...z.(-...r...p.o....o.....o#...(....(......o....o....(......o....o....(......o$...(.......,..o+....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventDbScoped.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):54192
                                                                                                                                                                                                                        Entropy (8bit):6.096491313092786
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Wtqb3bnp+W68BtaA9oQg9s1zoLd9Ijr2Ds1P7JTL2i9zf:W+rQyBQac0z2dsTL2+zf
                                                                                                                                                                                                                        MD5:C3943866AAFF532FEE0ED054D60D2ACE
                                                                                                                                                                                                                        SHA1:4A593AEE1CEA4EFB6B06744067F2A86CE624B0D9
                                                                                                                                                                                                                        SHA-256:C26C143C4E689C8B8D41C2F23B16945A78504248AFB35CCA7EE7FEA0BAA15495
                                                                                                                                                                                                                        SHA-512:7A59C91033310CC7E7566CC123EE6FC7962552FA3A7447D6B53B06E79C103497025CE2B9C7E7900919265BBB68B8E97C9E571A8E19D50CDE7D422F914B70A018
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5............." ..0.............>.... ........... ...............................(....`....................................O........................'.......... ...8............................................ ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......45...I.......... ....=............................................("...*.r...p.....*:.(".....}....*..0..^....... ....s#.....($...r5..p.{....o%...(&...o'...&s(.......{....o)...o*....+2.o+.......o,...(-...,...X....o....rQ..p(/...o'...&.o0...-....,..o1.....{....o2...-3..0/.{....o3...9....~4....{....o3...o5...(6...9.....rU..po'...&.{....o2...9.....rY..po'...&.{....o7...o8.....8......o9.......o:...,z.{....o;...o<.......o=....{....o>...o...+o@.....oA...oB......($...rc..p..o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventDbScopedEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):42888
                                                                                                                                                                                                                        Entropy (8bit):6.179311030439727
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:O9ZntOFanHTO9TTTeo22klTwn+WKfUP+MKlrmHjxZ+TjnRbk4R2YWqf1W4LHRN7f:O9ZMIL2du2qxL6UW9zxM5
                                                                                                                                                                                                                        MD5:2B092A8DC59D3909504CE3D1E0011412
                                                                                                                                                                                                                        SHA1:3DF65195FA9E40DDF2650ED929702F5561B3C7E9
                                                                                                                                                                                                                        SHA-256:8201D0848B43852314FA257527B1C27651B18F570233C262C1FBE4FBC2460369
                                                                                                                                                                                                                        SHA-512:5E2D88D5E30878306D0B451CE6DA358F7778DAA221A89E20147BE96E8F90629996E5DF6F130FD3F32746AAA7A9DC84065927C9D7743B4E17328728EBA6EF839B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q............" ..0..t............... ........... ...................................`.................................:...O........................'..........h...8............................................ ............... ..H............text....s... ...t.................. ..`.rsrc................v..............@..@.reloc...............~..............@..B................n.......H.......T!...............2..._..........................................(....*..(....*..(....*..0...........r...p.(.......(.....9.....s....(.....(....(......(......s.....s......(....o.....o....r...pr...p(....o....&.o..........(....o ....o!.....o".....o#....o$...r...po%...&..(&...*..(&...*..('...*.(....*..(....*..(....*..('...*...BSJB............v4.0.30319......l.......#~..........#Strings....p...(...#US.........#GUID...........#Blob...........W..........3........&...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Management.XEventEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):39344
                                                                                                                                                                                                                        Entropy (8bit):6.211647244028498
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:CZnNiVApNBMUvQdKxbJkMl4SNngAKMkxGEzkMAM858J66WiftWfLHRN7VQN9K+RV:CWUx8GXN8yLC+i9z3n
                                                                                                                                                                                                                        MD5:7262D023C26458800B13EB7AA1B3D488
                                                                                                                                                                                                                        SHA1:17DA8AB83A9B678AE064406ECA551FC58695FB76
                                                                                                                                                                                                                        SHA-256:85845330E275C219324B0ED9CFA9C4CC5AB20CDFFFFC9F57E44340ACE1825E67
                                                                                                                                                                                                                        SHA-512:72B5F44D9C343EA8B74903E0C7A1AD4B3B31840ED43CE05E77688B38DAE448FDE9CA5E39BEDB70DE0D3CF56D99681456567E2D45FF30410271BDB7E035C174DE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U............" ..0..f..........j.... ........... ..............................P.....`.....................................O.......t............r...'..........T...8............................................ ............... ..H............text...pe... ...f.................. ..`.rsrc...t............h..............@..@.reloc...............p..............@..B................J.......H.......h ..............|,..XW..........................................(....*..(....*..(....*.BSJB............v4.0.30319......l...`...#~..........#Strings............#US.........#GUID.......x...#Blob...........W..........3............................................................................................T.....4...........k...........P.......................7.....h.....:.....d.8...T.....C...........q.....-.......................?.=.........^.k.A.....V.....V.....P ..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.PolicyEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31672
                                                                                                                                                                                                                        Entropy (8bit):6.389638513609929
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:NmRizahEsIJWX8FLXOb0uR7RgaWn/lFoZCgiWbcdh48RHMXeg3/c08QWtfTWOLHD:NmQM/QTFLvHji9zW
                                                                                                                                                                                                                        MD5:D548D299BB1AC8EC01C0D632B33F0D51
                                                                                                                                                                                                                        SHA1:F3417210CAEB5605758537A89BFD7A7113D48C15
                                                                                                                                                                                                                        SHA-256:799CB8C34070D36C9499E1B17F84D8B08B78EC0C3FBB4AEF89AEB6B13D9C3480
                                                                                                                                                                                                                        SHA-512:E0A024ABFF256DA5C68E2F5D7B845CE01CB66D386AB66E5AC9F055DF51CB06B89115DFE5D7E2D41E35BF63C7C1E7A93337C5675CC8A5054917D430919DCEB964
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w............." ..0..H...........g... ........... ....................................`..................................g..O.......$............T...'...........f..8............................................ ............... ..H............text....G... ...H.................. ..`.rsrc...$............J..............@..@.reloc...............R..............@..B.................g......H.......h ..............$,..8:..\f.......................................(....*..(....*..(....*.BSJB............v4.0.30319......l...$...#~..........#Strings....$.......#US.(.......#GUID...8.......#Blob...........W..........3......................................................................%.........9...........v.....0.....T...................w.....w...r.w.....w.....w.....w...Y.w.....w...:.w...P.....?.......w...\.....`.....#.....................Z...E.............U.....V...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.RegSvrEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):52144
                                                                                                                                                                                                                        Entropy (8bit):6.0856854390438615
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Ai1WmlU7WMP5RQhFTxGvoVRJZMEUfIQCCwto0r+utg8e6LR9ze:/FMP5qhFTxsojBCwtxBW6LDze
                                                                                                                                                                                                                        MD5:2CC0BB0B2944C6F80FFEB3B16BBE5145
                                                                                                                                                                                                                        SHA1:96B9C9B6EAC9D397383AB82D8AD584DBDC8D6BB8
                                                                                                                                                                                                                        SHA-256:C22E3C5E6DAFFFF820939B686DEBCF0A7282E5C8EB873992E162EB0941D0D36D
                                                                                                                                                                                                                        SHA-512:6E632BE78F4125056BCB71F05E50F395C720E4410F4D26166B18C5AEA019B8234E6986A3EF87EF43054E42E68FD5483CB9BD13D0723744585919300791ABC937
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............R.... ........... ....................................`.....................................O.......$................'..........D...8............................................ ............... ..H............text...X.... ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B................3.......H........O..T]..........,................................................(....*"..(....*....0..)........(....(........,...-...+.(.....o........*"..(....*"..(....*..0.. .......(.....o.....(........,..(......*.0....................s.........i}a......{a...(....}b......{b....{a...(...............~....~....~.......(....,V.{a....M.....{b......{a...(.....{a....M.....{b....{a...(.....{b...(....&..~....}b....X(....(....s....z.{b...~....( ...,..{b...(!....{b...~....( ...,..{b...(....&

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.ServiceBrokerEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):37816
                                                                                                                                                                                                                        Entropy (8bit):6.270981059570318
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IrW0acLj6KlARQg5B6Dlvre6f18uN3tZp/NtrYCHCkV5rc6gpEpqoN0QEkxt4SEC:HiH1uvvL+Hji9zWb
                                                                                                                                                                                                                        MD5:BE7EB2CD325712491C92EFD821854AD8
                                                                                                                                                                                                                        SHA1:5E4F32791BFCDB991F68A4281D61481906800A24
                                                                                                                                                                                                                        SHA-256:86AF925064F5BA517D2F7190258DA3B4D7F6A84E55276B81CD8DD25BF3A80A11
                                                                                                                                                                                                                        SHA-512:70FABE97331808C66F559893629840D1C175366E279887D82CA6CE6048CA4DB1BC7D2A27B6ABE985FD783AE09CB827A90E1F4097CF4A073D74BD6B9388F7BBF5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...N............." ..0..`..........2~... ........... ..............................vr....`..................................}..O.......T............l...'.......... }..8............................................ ............... ..H............text...8^... ...`.................. ..`.rsrc...T............b..............@..@.reloc...............j..............@..B.................~......H........!.. ............2...I...|.......................................(....*..(....*..0..T.......s.........+7..Jo......-...3...+...3..-...+...+..,..-...o....&..J.XT.J.o....2..o....*.0..3........-..*s.........X...[.]..(......o.....1....o....+..*..(....*..0..c........{....-....(......-..*..(....}.......r...p(....-..r!..p(....-.+...+.....{....o....2..*.{.....o....*"..}....*..(....*BSJB............v4.0.30319......l...D...#~..........#Strings........H...#US.........#GUID.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Smo.Notebook.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23480
                                                                                                                                                                                                                        Entropy (8bit):6.448034645094735
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:QHpoEjLC7iB2MeICM6xtWPv8WALHRN793+Hj+R9zWN0I0q:2pjLW/UeL9uHji9zWh
                                                                                                                                                                                                                        MD5:8F4961A3DF7C003D5AF51935EF4421FE
                                                                                                                                                                                                                        SHA1:ADD4D88D0A7049127DD172144808C2BB0CBFFCCC
                                                                                                                                                                                                                        SHA-256:C87BB93FC4FEBB39FE7C1140A33C7F9FC998893D53986571F5641E3FD678964B
                                                                                                                                                                                                                        SHA-512:89EE2674D9F1358F691AD178A1B1AA25ACF4803AD68D4563DACC388D5FFB32397FE225D502004BB617799EE64D99C367AED42493376AB8EE39F6B88DCE713CF9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..(..........6F... ...`....... ...................................`..................................E..O....`..4............4...'..........(E..8............................................ ............... ..H............text...<&... ...(.................. ..`.rsrc...4....`.......*..............@..@.reloc...............2..............@..B.................F......H.......h%..@....................D........................................{....*"..}....*..{....*"..}....*..{....*"..}....*f.(......(.....s....(....*..{....*"..}....*..{....*"..}....*^.r...p(.....s....(....*2.r...p(....*..s#...}.....s....}.....(......(......}....*.0..;........{....,2.{.....s......{......(....o".....}.......,..o.....*..........0......*.,..(....*..0...........{.....(....,p.o......r...p.o.......o......(....,.r+..p.(....( ....+.r+..p.(....r1..p.(....(!.....{.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.Smo.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4464056
                                                                                                                                                                                                                        Entropy (8bit):5.689303179671491
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:CnAfN/29VNuhenaz8kkg+LuJ252EeQ/6ObtriCcPdO4Vt7DtStA/hdrpNawFDFg0:69VC2O
                                                                                                                                                                                                                        MD5:636E0E7E4CF3979DFE53CF7D8FCA1F95
                                                                                                                                                                                                                        SHA1:307544709321CC2A31490C5DEA0F49E121F720CC
                                                                                                                                                                                                                        SHA-256:24E2457FEBBF84458741E9E3E6D1AAFF98FCBDCEFDDCA72D502D184088A9317F
                                                                                                                                                                                                                        SHA-512:578BD52D0BE565E4F8B9839768AB2F55466A8FA7CCCD5D80BD2EDE50E73C23673CC801085BD8706436CDB47604E3876793DF85E4581E805F5BEEC6001CF5914A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...QWq..........." ..0...C...........C.. ... D...... .......................`D......'D...`.................................a.C.O.... D...............C..'...@D.......C.8............................................ ............... ..H............text.....C.. ....C................. ..`.rsrc........ D.......C.............@..@.reloc.......@D.......C.............@..B..................C.....H.............&.........8.<..r..8.C.......................................{....*..{....*V.(......}......}....*...0..A........u-.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ?.. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q0....0...-.&.+...0...o.....%..{.......%q1....1...-.&.+...1...o.....(....*..{....*..{....*..{....*..{....*..(......}......}......}.......}....*..0..q........u2.......d.,_(.....{.....{....o....,G(.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SmoExtended.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):161208
                                                                                                                                                                                                                        Entropy (8bit):6.161114834666496
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:rO28DPO4B9Jr5cIdz+J1ZAXdKQYKtdoFLxAWXNM1DFu7dZYmGefLJcNrRqDqF+GP:WDPO4B9tzNXdKQYKtdoFLxAWXNM1DFaE
                                                                                                                                                                                                                        MD5:E3CD6AAFDB8E6E314D329AACBB31F833
                                                                                                                                                                                                                        SHA1:B8405E91D23B72180614BA817E868BC8DA0102AF
                                                                                                                                                                                                                        SHA-256:68584FCFF5C1386609C84185D936C856333BF5915407F02DB5E47B4FABFA5A44
                                                                                                                                                                                                                        SHA-512:2D4FF01877851A1153BBD8866CCC8397EC19C0C45F66621C984ADD33A55F315CB574614486A815123A5B57D912941B4052550268FCE6F5CF2B005E5DCFC4DABB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-............" ..0..B..........na... ........... ...............................j....`..................................a..O.......$............N...'..........``..8............................................ ............... ..H............text...tA... ...B.................. ..`.rsrc...$............D..............@..@.reloc...............L..............@..B................Na......H...........0e...........]......._........................................(....*..(....*..(....**....(....*"..o....*..s....*..( ...*Vr...p.....r...p.....*...0..s........(=.....}'.....}......}......}.....~!...}......}&.....}......}.....~.........}......+..{.....s.......X...{.....i2.*:.(......}>...*...0..H........{&...-?...o"...o#...00.($...o%...r...p..........o&....('...((...s)...z*.0...........-.(*...r3..ps+...s,...z..(....s-.......(....o....&...(H....o/...o0...-\.(.....3S.(!

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlClrProvider.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21432
                                                                                                                                                                                                                        Entropy (8bit):6.637442938718147
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:zOObcIzIVsi4iIwYZ0WJFVmWTLHRN7va+Hj+R9zWNO:zQAbLVHji9zWU
                                                                                                                                                                                                                        MD5:AFC336AC3AA69F4F773E8578E72DBFD4
                                                                                                                                                                                                                        SHA1:140491463BFD67260D22B433058649D23E9426CF
                                                                                                                                                                                                                        SHA-256:A230E7DE1B041BBACC7A22739B932A6FBC18358A434A6FE349895CABD3D47E5E
                                                                                                                                                                                                                        SHA-512:E137BC126A0002357CC1DDCF269AC8788DAF8079508BE846D0E40AEA903A11D33DE3AA2DF7101EA7C92EFB735945ECD07D0D6E97E6FD46E3ED2920D1AC4AAE1D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#............." ..0.. ..........&?... ...@....... ..............................c.....`..................................>..O....@..D............,...'...`...... >..8............................................ ............... ..H............text........ ... .................. ..`.rsrc...D....@......."..............@..@.reloc.......`.......*..............@..B.................?......H........!.......................=........................................(....*..(....*"..o....*2.o....o....*Z... 4.....(.....o....*....0............(....,..*s......o ......8.........o!...o"...o#.....o$...o%.....+...o&...u........,...o'...~....s(...o)...,...+...o*...-..-F.o$...o+.....+...o&...u........,...o'...~....s(...o)...,...+...o*...-..-..*..X....i?J....*6s,.....(-...*..(....*..(/...*..(0...*..(1...*n .....2...%.....(2........*...BSJB............v4.0.30319......l...T...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1520056
                                                                                                                                                                                                                        Entropy (8bit):5.836121663264462
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:A7q8xQQqpHxdu42sami45Y8o7JUapjlfajDOKPzx0NnMqyoEgryNjlVELu3i3+3Q:A7q8WQMxl2saO5Y8o7JUalOpN1077
                                                                                                                                                                                                                        MD5:DB6C23FD729729E56A9059EAF7CF7366
                                                                                                                                                                                                                        SHA1:4DCAE68173CA4D371BCF007008D23ADD3FBA0444
                                                                                                                                                                                                                        SHA-256:1378061205F1F443852DD1896C99069048E9A8B33C501D2019B59374F67C4FE1
                                                                                                                                                                                                                        SHA-512:0D9B217F6C2D1C684CBB42DFA65E89ACBAD4881DA6EA087AD9DD334FA511851ECF87DE72046071ECFC94A3C6065ECC390AE1937D6B94BC6FD796C246B48BE21A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............6.... ... ....... .......................`............`.....................................O.... ...................'...@......0...8............................................ ............... ..H............text...<.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......$....................6...........................................0..-........(....s......r...po ....r...po!.....o".....o#.....($...s......r'..po ....r...po!.....o".....o#.....($...s......r5..po ....r...po!.....o".....o#.....($...s......rG..po ....r_..po!.....o".....o#.....($...s......r}..po ....r...po!.....o".....o#.....($...s......r...po ....r_..po!.....o".....o#.....($...*.......%...*....0..........(%...o&....s'.....((...o)....(*...o+........+2...........(,......o-.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.SqlWmiManagement.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):193976
                                                                                                                                                                                                                        Entropy (8bit):5.526129559345902
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:WaMKviTW0sglh5lnTiYU0OBZb2Xubc8A1eYKDk5wI2BS4OOvqorVA6AUP+PYQOgN:wgiTakJib0iKk5
                                                                                                                                                                                                                        MD5:220974A3271C6DCEAA6998D4B9E627C1
                                                                                                                                                                                                                        SHA1:215069D0208892ABAD304D90F856161FAE66D955
                                                                                                                                                                                                                        SHA-256:513B00B1CBA7D580F19B7B5A90EB1C597789C64C4973E0ED9BBB9E9222550F2B
                                                                                                                                                                                                                        SHA-512:11C31152D884A96DD251AE7C370255AECE7C20A66A50D5EDFEED156EAD8139C3687F2198146FB76B98FE2C4F03BAE9E657386F2FD8B5D5AADE63A86621D0703B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............j.... ........... .......................@......b.....`.....................................O.......T................'... ......\...8............................................ ............... ..H............text...p.... ...................... ..`.rsrc...T...........................@..@.reloc....... ......................@..B................J.......H...........................H.............................................(....*.(q...*..(r...*.r...p(s...*.r)..p(s...*.rA..p(s...*.r[..p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r1..p(s...*.rW..p(s...*.r{..p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r?..p(s...*.rk..p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r7..p(s...*.rQ..p(s...*.r{..p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r...p(s...*.r7..p(s...*.r]..p(s...*.r}..p(s...*.r...p(s...*.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.SqlServer.WmiEnum.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):31112
                                                                                                                                                                                                                        Entropy (8bit):6.150951215105615
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:D9Pf6WhidOQVl00GWmfvriswsukX3iQVMm+PBWYv1WbLHRN7rRkGER9zD78vSrt:D9Pf6wYlNyDxwsEzPnaL9+9z3Sw
                                                                                                                                                                                                                        MD5:0D34B393F5F89B857B124C0B75762CE0
                                                                                                                                                                                                                        SHA1:6D286354ED93B363512DB56457880BE019E83974
                                                                                                                                                                                                                        SHA-256:131CC21E2421896918090DF3BFE21776F58F2EB0D70F4D71B950D33391B6CB98
                                                                                                                                                                                                                        SHA-512:993BC8D3AE7DE9EAC39C5CAD45DF0E8B41C8276CD9EC241EFF85DA0A88E670DB9F0D53D3454DAD365582976D9BFDCB1AFFCC8D7BB71084A615839A01CE9D348C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....P..........." ..0..F...........e... ........... ..............................0.....`.................................Ee..O....................R...'...........d..8............................................ ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............P..............@..B................ye......H........1...0...........b.. ....d.......................................0...........r...p(&.....r-..pr7..ps=.....rS..po?.....(....rm..pry..ps=.....r...po?.....(....r...pr7..ps=.....r...po?.....o......(....r...pr7..ps=.....r...po?.....o......(....r%..pr9..ps=.....r...po?.....(....*.r%..p.(....,..r...po.....(.......)...*...(4...*...0..0........rW..p(......r...pr...ps=.....r...po?.....(....*>..&...%.r-..p.*.r...p*..0...........r...p(&.....r...pr7..ps=......(....r-..pr7..ps=....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.VisualStudio.Threading.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):732024
                                                                                                                                                                                                                        Entropy (8bit):5.7496309729867185
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Y/XL9pAs67AWD+q7CaDBo7yR831YeunvW47D39B3PzM3R+koHIH2HTHBHrYHhH55:Y/XIzDBoWR83SEkDPbMoolI2dXkgTx
                                                                                                                                                                                                                        MD5:7EC0E494A21AABBD8302D424C8F6C611
                                                                                                                                                                                                                        SHA1:8453C581039D2FC69B55EBF73A8E90AC7022DC94
                                                                                                                                                                                                                        SHA-256:5D232659BC044CF946451A3F1961A9CD327EF80F9F1563FB5CEEAE64AEE87920
                                                                                                                                                                                                                        SHA-512:998D117FC2845AD6074E68C8C53EA44213C9A1F8B185C4D838C6226942AA581E3D27AD1B03C6CC1B20C2C41EA00865BD609F9EE10F9ABA35AD0BE7C149C0D997
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T.1..........." ..0..Z...........x... ........... .......................`......J.....`..................................w..O.......,...............x%...@.......v..T............................................ ............... ..H............text....X... ...Z.................. ..`.rsrc...,............\..............@..@.reloc.......@......................@..B.................w......H........................h......Dv........................................(9...*^.(9..........%...}....*:.(9.....}....*:.(9.....}....*:.(9.....}....*V!..q..q...s:........*..0..s............,....o;....o<...(.....+.r...ps=...z.,....o;....o<...(&....+..js>...(&..........(.........,..o?....,..o?......*.........Y].......0............(@.........(A......(....*"..}....*.0...................*:.{......(B...*..{....*..s....*J.{.....{....(B...*...(.......*J.{.....{....(B...*..0..........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.VisualStudio.Validation.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34736
                                                                                                                                                                                                                        Entropy (8bit):6.272815701103761
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:29LyDfY7/806vXBgj0A6eMrxfD/ws0memVMyLLac2H+VOJcedPW0+DWJxd2I+R97:2tyjYR65O0r3jVMmLa8h4Ti9zAKJ
                                                                                                                                                                                                                        MD5:A627FD8565F6F442BC7555C94126E988
                                                                                                                                                                                                                        SHA1:4D096F96EC09228D508701E3D288F854B9906C21
                                                                                                                                                                                                                        SHA-256:83EE28811E6815914191DB0C1D65278F62A20995786BB1D416F48E8A3E290274
                                                                                                                                                                                                                        SHA-512:1B4BFE6E74658B00EBED000D82C5BFC242D505B3D48EADCF07334E316FEB9AA791F7E803F27903CB7EB1EE5EC5900DE4D87AFC0A7E6A482F25E2CC84CA9C9135
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..X..........rv... ........... ..............................Py....`..................................v..O....................b...%...........u..T............................................ ............... ..H............text...xV... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B................Qv......H...........@A...........p.......t........................................(....*^.(.......?...%...}....*:.(......}....*:.(......}....*:.(......}....*V!.S.ux&...s ........*R.........r...p(....*J..(!...r!..p(....*..(...+.o"......r?..p(......o#......ra..p(....*j.(...+.o$......r...p(....*....0..[........(...+.u......,..o$.......+3.u......,..o%.......+..o&.....o'..........,..o(.....r...p(....*.......9..E......R.........r...p(....*J..(!...r!..p(....*R.u.......r...p(....*..,..(....&

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.AccessControl.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22648
                                                                                                                                                                                                                        Entropy (8bit):6.5131753043382155
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:gI0yciEKs2PFZPULxji8WFarWsIiXvHRN7ExRwR9zdB/jug:gI0ym2dZPUlJxIofETM9zHN
                                                                                                                                                                                                                        MD5:A0921B5026017EAF4F9E88871EF2AE68
                                                                                                                                                                                                                        SHA1:84EE5BC3DB8BA2403FCCDB79B315897C95997550
                                                                                                                                                                                                                        SHA-256:0431B6ACDF77A915DA02991162EB6207647A8903AC9D810FD5E1E1A1D92A1E54
                                                                                                                                                                                                                        SHA-512:9009AFA87D8B2EDDD1DE6A393B588B011A7E19AFB2C4A5CE2A6738762F4EEE45FBEDD2F780C1124DFEB565657D3317CA11C42E17EA231E4817F76D533CC858D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z............." ..0..$...........B... ...`....... ...............................f....`.................................UB..O....`...............0..x(..........PA..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc..............................@..B.................B......H........"...............>..(....@........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(...........%...}....*:.(......}....*..{....*z.(......}...........%...}....*V.(......}......}....*..{....*..{....*:.(......}....*..{....*"..(....*"..(....*"..(....*>..(......}....*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.Win32.Registry.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26496
                                                                                                                                                                                                                        Entropy (8bit):6.147606968484159
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:j4nLpSumfSQrlHViaCZYvLPQmlJLfjnWn6GWfdHRN76+fVlGsa9h:j4QVrxViR9mlxd96lv
                                                                                                                                                                                                                        MD5:59C48AACB1C413C108161AFE13FDBED9
                                                                                                                                                                                                                        SHA1:31ACE4B26D8A069C84AAD6001E06C2A5483806F3
                                                                                                                                                                                                                        SHA-256:E9A9D281C1A708AAAE366F82FD6A1742F65DA2918CC4FA5EAAAADA0BE24277D9
                                                                                                                                                                                                                        SHA-512:8252ABE64C67863D9E4C70E820F0C69C517B8678A4B4C13A436118BC276E5F21E84522B93566C0BC009EFFCB251ED67BDBC60E4907ABEA2F33B6BE3764E28D1D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j............" ..0..:..........jX... ...`....... ..............................a.....`..................................X..O....`...............D...#..........$W..T............................................ ............... ..H............text...p8... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B................LX......H........$..8"...........G.......V.......................................~....*..0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%....(....*......(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.WindowsAzure.Configuration.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28352
                                                                                                                                                                                                                        Entropy (8bit):6.682331503348516
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:wJVgBIO0MJwpn6pnhrC5xajWUZ9NK0389mJKWDhbWRC77q0GftpBjRXSfERHRN7y:oVgBIO0MJwpn6pnhrC2JLzfRijoEBSl
                                                                                                                                                                                                                        MD5:7134C1C88801689C001744784AC475B3
                                                                                                                                                                                                                        SHA1:8167A8A7CB91ECEB0F806E3F75F58E5AA4901ACA
                                                                                                                                                                                                                        SHA-256:C6B0142E7E1A1E0802848A4CF273B76C4DD789C3C8DC13CC696C70CA07E80CC0
                                                                                                                                                                                                                        SHA-512:D1BA1110921DB11195AD04D79C1BCCD541D2AF710587C00BD492EFA6F0A7A6D6E89EA3CABF0D9F3660F4999C976CA3C04242B1C3899D5A3E11A009B9DF49FB10
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X.........." ..0..&..........vE... ...`....... ....................................@.................................$E..O....`...............0...>...........C............................................... ............... ..H............text...|%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................XE......H........%...............A......lC........................................(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*V(....rY..p~....o....*V(....r...p~....o....*..0..G........-.r...ps....z.o....-#(....(..........%.r...p.(....s....z(.......o....*..0..F........-.r...ps....z.o....-#(....(..........%.r...p.(....s....z(......o....*"..(....*..0..:.......~....--~..........( ...~....-.s............,..(!....~....*...........*.......s.........*.0.............&...%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Microsoft.WindowsAzure.Storage.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):948360
                                                                                                                                                                                                                        Entropy (8bit):5.713678282984951
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:gD/w3mw/AbnXJbDdcm1ibtay4Ia4YW/QSgvL2XQQyj:sw3uVdcm1mB1Y2uiXQv
                                                                                                                                                                                                                        MD5:EAC97BE5294E5D5CCFC1D2D81188D44D
                                                                                                                                                                                                                        SHA1:B161ED95B83685340F920216DC09D5A73B24DE51
                                                                                                                                                                                                                        SHA-256:BC7FB7196B90BC3853F56A35F062B563EA7C2A783546172D89C52F91E350E411
                                                                                                                                                                                                                        SHA-512:C7EFCD8F9DB27EAA0A1A1A7C1BE5C8BAD00509C9FC26EF84E08179E3A78FDED8C10CC9D327F41679D349E1054D67F372C3F089DF97B887D420652FD2C97D6BF6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......T...........!.....T..........>s... ........... ...............................j....@..................................r..W....................^...............q............................................... ............... ..H............text...DS... ...T.................. ..`.rsrc................V..............@..@.reloc...............\..............@..B................ s......H..............................P ........................................J...<..y.&.F.|....?.B8kE.......<1.;'-.@N......d.. /.-..}.Y.X/./..#\^.....y-.I.2~..tf.#.O...*."tRg.C).Q...Ds{/`.C..._....k.s.........s.................s................(?...*..(....*V.(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*...0..I.......(>...-9.(B...-".~.....( ......D...s!...o"...(C....(B......o#...*...(....*....0..B.......r...p.(....(>...-'~.....o ..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\NLog.ManualFlush.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15960
                                                                                                                                                                                                                        Entropy (8bit):6.818847617720447
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:eJLtpsi279AIYiHG58ssrAM+o/8E9VF0Nypgim:m4z79JYidssrAMxkEc5
                                                                                                                                                                                                                        MD5:830B3511952A057546E5455C4FA9CB8B
                                                                                                                                                                                                                        SHA1:B5A35C96D28888AEB8A70E682996A0F51DBEF631
                                                                                                                                                                                                                        SHA-256:AE119AA2A9422DA7075918A2FC34BA393D765D02783E29DEDF8406C59168DDC2
                                                                                                                                                                                                                        SHA-512:CA2E38293E4781B3E0400B2710DED70E290827C85F117B5FAD3E65FB99F16AED9FEDA8E690852205F21A139D753219C8C010CC73BE733E21BFDEAA321328E851
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k.V...........!.................,... ...@....... ..............................D.....@..................................+..K....@..................X(...`.......*............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......d!..4...................P ......................................x....G...ab0Y1.I|w..{....O..F.?.*.,....uW0$.Nl1.L.U. vAf5W...vP.l.o..>.,..e..~..+AP.....rm.C.C~.0ve#.9..:....L...........LK#6.{.....o....*...0..H........{....o.....+..o......(.....o.....o....-....,..o......{....o......(....*.........+......2.{....o....*J.s....}.....(....*BSJB............v2.0.50727......l.......#~.. .......#Strings....(.......#US.0.......#GUID...@.......#Blob...........W.........%3....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\NLog.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):954456
                                                                                                                                                                                                                        Entropy (8bit):5.8294720004281615
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:HVfrf9vjvhvzHRMeuVvGoSh/MgwEPU+iuHu:1frf9vjvhvzHRM3GoShhSXuO
                                                                                                                                                                                                                        MD5:59AE01F06991E9D4A25C64D3935BD39A
                                                                                                                                                                                                                        SHA1:C3EDC7DED18679DCA90B4F2B8944F06825574A58
                                                                                                                                                                                                                        SHA-256:52656C65BAEAD36E622DEE566890081DCC990F8C1F7E4EC064D23CA566508B71
                                                                                                                                                                                                                        SHA-512:50628476FCBE699AA6A66F007E740DC5F094668891CE22239C301B6F19B310D6F00869EA818A2E7886946146130119EF97587C411260B808A67B4203B7FAF38E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....8..........." ..0..$...B.......C... ...`....... ...............................k....`..................................B..O....`...?...........h..X(...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc....?...`...@...&..............@..@.reloc...............f..............@..B.................B......H..........X...........4A..H...|A......................................:.(^.....}....*..{....*:.(^.....}....*..{....*V.(^.....}......}....*..{....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(^...*..(^...*..(^...*..(^...*:.(^.....}....*..{....*..(^...*:.(^.....}....*..{....*..{....*..{....*~.(^..........}...........}....*~.(^..........}...........}....*...0...........(^...........%.}.....}....*.0...........(^...........%.}.....}....*..(^...*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\NetLicWrapper.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):88136
                                                                                                                                                                                                                        Entropy (8bit):6.006527408010119
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:iC0tFo1Rux5tValRNPHQ2BR+2SPeJtXpjzLbBbI7NEx9:+s9Q2BR+2SPeJtXpvLtIh8
                                                                                                                                                                                                                        MD5:EE89F648256FF03C6D334F2286C95640
                                                                                                                                                                                                                        SHA1:FBFF76F199EBA89B945C141F4F60AA814E56B2A3
                                                                                                                                                                                                                        SHA-256:3308060790BDD08927C55E8C5330383C46CD11DC65D0BFE6A09AFE89A010DB1B
                                                                                                                                                                                                                        SHA-512:1915DDDAB35E770F89909842F77A882F319AEF8AE4D43C00A208BA28AB3348C0BA686322DA108CA7C632205AB80FCAFC95786729D59CBB7CBEBB0F807951283B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U.l..........." ..0..&..........6E... ...`....... ....................................`..................................D..O....`...............0..H(...........D..8............................................ ............... ..H............text...<%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B.................E......H.......Ph..0....................C........................................(....*:.(......}....*..{E...*"..}E...*..{F...*"..}F...*..{G...*"..}G...*..{H...*"..}H...*..{I...*"..}I...*..{J...*"..}J...*..{K...*"..}K...*..{L...*"..}L...*..{M...*"..}M...*..{N...*"..}N...*..{O...*"..}O...*..{P...*"..}P...*f..}Q....r...p.(....}R...*>..}Q.....}R...*..{Q....{Q......*.{R....{R...(....*.(....r...p.{R....{Q....>...(....*...0...........,..u....,..........(....*.*N.{R...o.....{Q...a*>.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\NewRelic.Api.Agent.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                                        Entropy (8bit):5.340012893846627
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:lm4J1QrGaG9wQ0oIlxN5Py7GcqafHscscDuMkSOried60e:w4KoiAGpoMcBuAOS
                                                                                                                                                                                                                        MD5:3E18808E627E714396A79DCFD7BF139D
                                                                                                                                                                                                                        SHA1:C75E9C0A47C20E71096863EB6567DAE5015535DF
                                                                                                                                                                                                                        SHA-256:CC4FC4F61A6DA5489DCB26EDA031073BB4358B0C3D4379807204846F5C21E3DF
                                                                                                                                                                                                                        SHA-512:B58EF37934043E8AA66117B86945E592E0206AC8A7DD255E13C3C12627CFCD53F95A846619FB0812AE0F976321DFAC6741EFFE13C3172A7BD5424E1E2A744B94
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.?..........." ..0..P...........o... ........... ....................................`.................................?o..O...................................tn..8............................................ ............... ..H............text....O... ...P.................. ..`.rsrc................R..............@..@.reloc...............V..............@..B................so......H........7.. 6...................m........................................(....*^.(.......*...%...}....*:.(......}....*:.(......}....*"..}....*..0..v.......~....-.~....o....*.~)...-/.r...p.....(......,...%...(.....(....(.....)...~)...{....~)....{....o.....~+...-,..S.....(......,...%...(.....(....(.....+...~+...{....~+...~*...-6..#.....(......,...%...(.....%...(.....(....( ....*...~*...{!...~*.....o"...o#...,^~,...-5......(......,...%..!.(.....%...(.....($...(%....,...~,...{&.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Newtonsoft.Json.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                        Entropy (8bit):5.967185619483575
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
                                                                                                                                                                                                                        MD5:195FFB7167DB3219B217C4FD439EEDD6
                                                                                                                                                                                                                        SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
                                                                                                                                                                                                                        SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
                                                                                                                                                                                                                        SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O......................../.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\OpenIddict.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):282624
                                                                                                                                                                                                                        Entropy (8bit):5.98160581785109
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:iu7WDq/53ExpkU3pf9/tDwu3ywXybESskYRobjYVZMfrmifUrSr/OwjylzD3S37Z:iu7W+/53SjtHzRpb
                                                                                                                                                                                                                        MD5:EC8545E7AA4F3D52B0DB515930031ED3
                                                                                                                                                                                                                        SHA1:FCCB312384CF20574218BB97DDFE47206F225676
                                                                                                                                                                                                                        SHA-256:DB6433AE65FF06BF74E8132F348048DBA189CD45E4CB3B58E2B30F912A4B3247
                                                                                                                                                                                                                        SHA-512:CD69532C9DBDA12FE6EDEEDE76C5EB059B51BE28B409D96107FDE3675012D2A2372A301F51CF03225C0752D161EFD5E55E261208791581CBFECE0B6AE3060ED1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c./..........." ..0..F...........e... ........... ...............................A....`.................................Ce..O...................................\d..T............................................ ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................we......H..............................\b........................................(....*^.(......._...%...}....*:.(......}....*:.(......}....*:.(......}....*v../.(.....,...f}....*..}....*"..}....*..s....*..s....*B../.(.....s....*F../.(.....fs....*b.{...../..{....f*.{....**.{.......*..0...........{......(....,....XX..*z.u....,..{.....y....{......*.*>.{.....{......*..{....*..(....*...0...........(....,..(....*.(.......(....*...0..........r...p.(.......(....(....*..{....*..{....*>..}...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Api.ProviderBuilderExtensions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25088
                                                                                                                                                                                                                        Entropy (8bit):5.493472005360896
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:tIcaMzbrkbutTNCrawrHymNtUn0cR00D3od3PL/s0eo3/VnFn9:tIc1HGutAumyS85H3YzDeo3/RFn9
                                                                                                                                                                                                                        MD5:9F08E9FEAF3B8F740011C8AFE48B2B69
                                                                                                                                                                                                                        SHA1:D5B96F6FED466238837F618E57FF10D2F27B24DB
                                                                                                                                                                                                                        SHA-256:7E0E7735045FFDC5D37D1CBE5C29DC86E6EF3E678E710416D25FD4D2670E99F2
                                                                                                                                                                                                                        SHA-512:0FB7B7168D9BC26C54CBCB06E36F8E975859C4D481F8EE1CCAE28D5FF7CE9DFA3D4B7B370A66B82664A369BF2DF5826FB271A0FAE31BB46814937918FF8B8F6E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..X...........v... ........... ....................................`.................................Qv..O...................................Hu..T............................................ ............... ..H............text....V... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B.................v......H............E...................t........................................(....*^.(.......'...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..N........~....%-.&~..........s....%.....(....&.~....%-.&~..........s....%.....(....&.*...0..7.......s.......}.....{.........r...p( .......!...s....(....&.*..0..2.......s"......}#....{#...r!..p( .......$...s....(....&.*...0..2.......s%......}&....{&...r!..p( .......'...s....(....&.*...0...........u......,...o....&.*.0......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Api.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64512
                                                                                                                                                                                                                        Entropy (8bit):5.9607997632605745
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:8xyNFdCV6qwBZcdCzWuh0VQE8fIGeqq3KpG/YAGt:8vpwBColh0Vmt
                                                                                                                                                                                                                        MD5:98BFAE763ADA5DB1926CE219E49B3D5B
                                                                                                                                                                                                                        SHA1:649D198CF19A57737481ABF1D1D71B8FC92704CA
                                                                                                                                                                                                                        SHA-256:88033AAF594FB5CEF642503FAA09571951F8F1708E5E4F5CACACEEF7F5751879
                                                                                                                                                                                                                        SHA-512:9449D2C543D2ECEBF537BD4B60B311DE96B9F5452B9DC08F408413798975780EC925BD0457A441B3AC3693B69DDB0166551EFED09F1EA8D3D6900A69C89C5938
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.0..........." ..0.................. ... ....... .......................`.......{....`.................................y...O.... ..\....................@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...\.... ......................@..@.reloc.......@......................@..B........................H........X..4...................$.........................................(....*..(....*^.(.......T...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*.0....................( ...*"..}....*....0..........~....o!...%-.&.........*{....*2($....}....*J.{....%-.&.*("...*&...(!...*...(.......*.0...........-..........*.o"...(#...s$.....o%....+:..(&......('...((...,....()...o*...&+....().....('...o+.....(,...-...........o-.....s....*.........%.Gl..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\OpenTelemetry.Exporter.OpenTelemetryProtocol.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):236544
                                                                                                                                                                                                                        Entropy (8bit):6.010641622906888
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:gbSUNB6P3HinSD9sgj7PEbVv5vWQEcivJQUszONYiyVOygEiJ:+XX63HCdgHEZFRUykygE
                                                                                                                                                                                                                        MD5:61ADB6F9315B012FBFE7A25223CC1F49
                                                                                                                                                                                                                        SHA1:BD14BC50330DE19B91FFADB892BDC8113C6C7F0C
                                                                                                                                                                                                                        SHA-256:4B8229DCA903C4AA43F1093B24E9DD9440CDEDBA09EF0830D59E09855434B377
                                                                                                                                                                                                                        SHA-512:D04086037FA31672F280A609FE8F0B6D5AE7936EAD7D1591646220F1831E3E765B7E4526C2D59090CCCBA2F8032CB7BAC072925463BB0E8C16B15F3A6B912053
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y............" ..0................. ........... ...............................8....`.....................................O.......|...........................x...T............................................ ............... ..H............text....... ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B........................H.......PI...e............................................................(&...*..(&...*^.(&..........%...}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*.~....*.0..m.......r...pr{..pr...pro..p('...((.........%.()............%......(*...(..........%.r...p.....s+....s,...(-........*.~....*F(....o.....o/...*.(....*..(0...*..(......{....-..+..{....o1...}......{....(2...}....*..s....*..{....*"..}....*6..u....(....*..-..*..3..*.(.....o....(3...-..*.{.....{....(3...*.0..0.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\OpenTelemetry.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):201216
                                                                                                                                                                                                                        Entropy (8bit):6.078266756704856
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:HP6duYsc8vxzvJPLO6LnYWcYosRgwrkl2TVENTkQxw/StIt:Sca+DPLO6LYWcYiNNt
                                                                                                                                                                                                                        MD5:47E62E803A9EFB23025D80132BCCE24F
                                                                                                                                                                                                                        SHA1:2378BC9FB79B4E6B033E823C17DC9BA68BC98B74
                                                                                                                                                                                                                        SHA-256:1D1E45A0EF6FC62953DA8BD5B96B1283D9EE20368D7306902F352B3D8A315D3F
                                                                                                                                                                                                                        SHA-512:C9C04D2974F987F49715BF0C1FDFDEF6BE05F7D6CCDD76B8D06D8F150069A1801AD4BF8EBD4D9F89CDC89615CF9D406053D4827AE2DF78F2D1C4C5281F1E0DAB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%6j..........." ..0.............J$... ...@....... ...............................)....`..................................#..O....@..<....................`......(#..T............................................ ............... ..H............text...@.... ...................... ..`.rsrc...<....@......................@..@.reloc.......`......................@..B................)$......H................................"........................................(*...*..(*...*^.(*..........%...}....*:.(*.....}....*:.(*.....}....*:.(*.....}....*..(*...*..(*...*:.(*.....}....*..{....*.0..j........(+.....},.....}-.....u....%-.&.s....(/...}0......u....%-.&..s1...(2...}3......u....%-.&..s4...(5...}6...*...0...........{,....{-....o7.....{0......+3.....u........,.....o8...+..~9...(:...,...o;.....X....i2..{3.......+.......o<.....X.....i2..{6....,cs=......{6.......+,...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\OperationalEvents.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):63560
                                                                                                                                                                                                                        Entropy (8bit):5.900037449715424
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Zo7gUM+WQNtSn2sgIvZSCeuM97nYCL73VG1fCzYiRvHEAMxkEtw:Zo7LTWQRMLep0Cn3Va+7Nix5w
                                                                                                                                                                                                                        MD5:DA649B013B140B6E703983872EA475AE
                                                                                                                                                                                                                        SHA1:C01DAC43AE9EF2E0896FC33B517093F39AC7C3B7
                                                                                                                                                                                                                        SHA-256:D520C1847BEAE9CB13D0D1B87ED5BA0F9483E776D0C3CCF1484E2F20732CA7C7
                                                                                                                                                                                                                        SHA-512:6DE13644AE95A374572676DD32FD419D844D43BE8D36187341BC93659805A9DB28A5B5CD494B19F3C1D20EC996FB8AF02ECA69084605B261F90AA5BE715E1D24
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............6.... ........... .......................@............`.....................................O.......................H(... ..........8............................................ ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........[......................x.........................................(....*:.(......}....*2.{....o....*.0..W........(......}.....~.....(....(....(....}.....(....-.(....-.(......+..{.....(....}....(....*..0..........~..........(....~....-g~....r...p( ...~....%-.&~......M...s!...%.....~....%-.&~......N...s!...%.....("...~....rU..p( ............,..(#....*.........x........0..F........(....o$...,".{....o%...%-.&*.o&....o'...o(...*.{....r...p.o&...(...+*^.{....r...p( ....(*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\BlankVhdTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.9485815165593214
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:G/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh/7N:erZn7y/EGuH/cpin7
                                                                                                                                                                                                                        MD5:DF6E116B0D811CC974DCEF1792F8A907
                                                                                                                                                                                                                        SHA1:D5E96D8029268AE433FFFE58F2EB0891B6D3BDAA
                                                                                                                                                                                                                        SHA-256:9126D4AD4D71CAB4394973C8D2A57B6B9777649244931F4516CC2558CBCA4A6C
                                                                                                                                                                                                                        SHA-512:5945DBD72D9185DAA686831C544451E36D12E83A51A6F65E0205894CDEC22E79353F3FFEF93F4B2CD41BF73D2C66A141CEBA16ACA1AB2B67B13B71690669DF38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix....................win ....Wi2k.............................+.d.OL...W................................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.641765707043487
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:fEF5H8cTNlAlsys5y/pSU96ppG7JewIYiArevVAM+o/8E9VF0NyHiscMQ:f6BDBQIvppG7JeZYiRvVAMxkEsB3
                                                                                                                                                                                                                        MD5:F09C4821B3E7C25CA445E8A16324B79D
                                                                                                                                                                                                                        SHA1:A61C27BABF80BE9EA13E087EE4EB59167EF98248
                                                                                                                                                                                                                        SHA-256:1AD2203660F8B15635F95C90F45634861AB4F782FE647C7977C76125C5CDF533
                                                                                                                                                                                                                        SHA-512:E2E5E49CD926B140C9B120F6FEB38778D2F96B3B1B6A55F54D96C92B0DFB892CB3EA98316F9EC6E32C8B8F16AC77CA966E5AAE585AB75D220DDD55373F055EE0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........C... ...`....... ....................................`.................................0C..O....`..t...............H(..........4B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...t....`.......&..............@..@.reloc...............,..............@..B................dC......H........#..4....................A........................................(....*:.(......}....*..(....*~.(......s....}......o....}....*..0..+.......(....%%-.&.........+.(.....%-.(......s....*R.{......(.....o....*.0..}................-..+..o....( ...-....o.....o!...("...(#.......(.......(......-..+..($...-(.,%.o%......(&...,...o%......('...((...&.*....0..$...........()...-..+...(*......(+...(,...-..+..-.(-...+.(.......()...9......(/.....(0.......-'.{......(.............$.....o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.Shared.Adapters.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27720
                                                                                                                                                                                                                        Entropy (8bit):6.530837073092152
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Mrtnm6oE866ZMDJtx+KKqJiiYiRvOAMxkEiP:N66ZM7p7N8xmP
                                                                                                                                                                                                                        MD5:0DFFA9A726EC6AC8931180B237BDC56B
                                                                                                                                                                                                                        SHA1:2683CD94CD15F700DC889D1BDF83A138F0DE9737
                                                                                                                                                                                                                        SHA-256:650555F1BD6A1D72591C147195282D642F0053CB812C4ACB96EDC55085E08CE1
                                                                                                                                                                                                                        SHA-512:91C10DAB8EFA50BBB0B639D839F19E9BB71150ABFDCA518A1E6A94D739EECDF62E0FEF4C09CB439968D30AFC4662E6105DA15EB904944DD0F669843B390B919A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%k..........." ..0..:..........:Y... ...`....... ..............................9.....`..................................X..O....`..h............D..H(...........W..8............................................ ............... ..H............text...@9... ...:.................. ..`.rsrc...h....`.......<..............@..@.reloc...............B..............@..B.................Y......H........)...-..................pW........................................(....*:.(......}....*..-..*.o.........(....(....,..t....o....*......s....*..-..*.o.........(....(....,..t....o....*......s....*..-..*.(....-#.o.........(....(....,..t....o ...*......s!...*..-..*.(....-#.o.........(....(....,..t....o ...*......s"...*..(#.....%-.&r...ps$...z}%.....}&.....}'......}(......})...*..{%...*..{&...*..{'...*..{(...*..{)...*2.(*...o+...*2.(*...o,...*..(*...o-...(...+.(/....(0...(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HCL.TlsCertificateVerification.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):29768
                                                                                                                                                                                                                        Entropy (8bit):6.532090903574199
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:8a5a6zNyEchOErjyqmCAXJBp+zJ2KYiRvsbAMxkEm:8Ea6UEch7bmCACt7NAxS
                                                                                                                                                                                                                        MD5:5A4790E5F96AA3587E3F7C883CFBB000
                                                                                                                                                                                                                        SHA1:737F7EF19EBCD1C34847678264E40313BFB28CD4
                                                                                                                                                                                                                        SHA-256:F73A968BFBE2C82CD759667FFDBCF5DE94BEF84EC3F6ED6155C2DB479C39C8C4
                                                                                                                                                                                                                        SHA-512:57B3E1423BAA88520DADDECA25B128923E4A455B687C10DBE715A0AC9F3AA2DB29859DE9DA787EAC0A8FC69E43B8FC6C90469503F82C5F01A32C684465B129BF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M............" ..0..B...........a... ........... ..............................r.....`.................................ta..O....................L..H(..........h`..8............................................ ............... ..H............text....A... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B.................a......H.......82...-..................._........................................{....*..{....*..{....*r.(......}......}......}....*....0..Y........u........L.,G(.....{.....{....o....,/(.....{.....{....o ...,.(!....{.....{....o"...*.*.*....0..K....... .R.. )UU.Z(.....{....o#...X )UU.Z(.....{....o$...X )UU.Z(!....{....o%...X*..0...........r...p......%..{.......%q.........-.&.+.......o&....%..{.......%q.........-.&.+.......o&....%..{.......%q.........-.&.+.......o&....('...*..{(...*:.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.HypervisorCommunicationsLibrary.AddInSideAdapter.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):288328
                                                                                                                                                                                                                        Entropy (8bit):6.245091750467156
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:fY+5YLRI1qFanmjp3K91dRUVHrKOcgkd88ZVC8rhKu:fsu8O991nUxrKOcgkoqKu
                                                                                                                                                                                                                        MD5:8B87D5288A45D93ED004858C5BE6BCED
                                                                                                                                                                                                                        SHA1:9C0E431E485B42F2774062D9491E1736345210C3
                                                                                                                                                                                                                        SHA-256:AB2D850BB81D2ACD1EB89BD008CCE22C297B97D84E5E443871D4D6A19CDC6D3F
                                                                                                                                                                                                                        SHA-512:22731E330984DBF4F2192E86FBF1A31D952FA6D0B5B43B3F5ADE7469E9426769C282AB28EB832FEEBC059747E78143408C4C0E02251AD23D469502806507EF7F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G............" ..0..4...........S... ...`....... ..............................t.....`..................................R..O....`...............>..H(...........Q..8............................................ ............... ..H............text... 3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................R......H...........8....................Q........................................(....*:.(......}....*..0...........(.....s.......s....}....*2.{....o....*2.{....o....*.s....%.}....%.}..........s....(...+*.s....%.}....%.}...... ...s....(...+*.s!...%.}....%.}......"...s....(...+*.s#...%.}....%.}......$...s....(...+*.s....%.}....%.}..........s ...(...+*....0...........o!......&..("...z.*............"...........#...N.(#.....s$...}....*.s%...z.s%...z.s%...z.s%...z.s%...z.s%...z.s%...z.s%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\Citrix.ManagedMachineAPI.AddInSideAdapter.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):115272
                                                                                                                                                                                                                        Entropy (8bit):6.261077743530748
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:Y9oicibPB1T8r1ChlGJp7rpnfZHAnPnx77N6xd:+gibPt4j7NnfiPnx7hu
                                                                                                                                                                                                                        MD5:FDF9D21479A7835DE79BFE547B2ACFD1
                                                                                                                                                                                                                        SHA1:EDCD4F0A78D5F695E196FE465CE9D76E1A5BAA4C
                                                                                                                                                                                                                        SHA-256:A729B4C9E7F7946ADFA0885C4F2BC7CD8E641E62C52DB54A50BE9AAC41B38CDA
                                                                                                                                                                                                                        SHA-512:B3443D95E4B3E257514423DD83826339F26F04F0686B40314A83EBC5331A5CD7968E2D08CBBDA53F490AF54F09528865627AE86B144B59F18D7B15CBC6CECA31
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:............." ..0.................. ........... ...............................j....`.....................................O.......................H(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.........................................................................(....*:.(......}....*N.(......s....}....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*.s....%.}....%.}....%.}..........s....(...+*.s....%.}....%.}..........s....(...+*.s....%.}....%.}..........s....(...+*.s....%.}....%.}..........s....(...+*.s....%.}....%.}..........s ...(...+*..0...........o!......&..("...z.*............"...........#....s....%.}....%.}....%.}..........s....(...+*~.(#.....}......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\CustomProvisioningCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):152648
                                                                                                                                                                                                                        Entropy (8bit):5.9910190773521155
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:DNP3kKxCPhlMP6iyul5VT/1R/4bu0k9hf:FUKxITS6yMEf
                                                                                                                                                                                                                        MD5:633F900BE6B55586D2F2FCFD57D5FF1B
                                                                                                                                                                                                                        SHA1:46BB2A3060CED59380CC5829B9317DE3D53B2731
                                                                                                                                                                                                                        SHA-256:24BA312B6240CDB17A8F092B5EB54402F67F2B8B4B60423283638AD900C42CBC
                                                                                                                                                                                                                        SHA-512:A73B18FBA49F3CE82AB343A7AD7D7959748BDF8344EF04FFB42A3C4DD0860E0BB60E773A7DDE2ACDE3A57BEA9CB8EA00ED00846CF6BF4F1B3B39D67C12EBF576
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.."...........A... ...`....... ..............................d.....`..................................@..O....`..\............,..H(...........?..8............................................ ............... ..H............text....!... ...".................. ..`.rsrc...\....`.......$..............@..@.reloc...............*..............@..B.................@......H...........$...................<?........................................(....*^.(.......3...%...}....*:.(......}....*:.(......}....*...0...........(5...%{ ....{!.......(....*.0..4........(5...%{ ....{!.....-..+..o".....(.....(......s$...*.0..U........(5...%{ ....{!.....-..+..o".....(.....u#...(......u$...(......u%...(..........s)...*....0..F........(5...%{ ....{!.....-..+..o".....(.....(......(......(..........s)...*:.,....(#...*.*2.-..*.o$...*2.-..*.o%...*2.-..*.o&...*.0..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\DiscUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1011784
                                                                                                                                                                                                                        Entropy (8bit):6.001140300190096
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:QCmGf6qsJNLfnU9PbbpRTf1FgvSCCquyFY150:dJSLfnU9Pbn9FYBCq6u
                                                                                                                                                                                                                        MD5:A4DE4231E573C4586A3ADFB3F6E4497E
                                                                                                                                                                                                                        SHA1:EBD421F798FE937BEADFFD96FD0AC501FEAB1F2E
                                                                                                                                                                                                                        SHA-256:BA7AF306AC79D0E1438405D2681334B0F260D34C495AAA4755549F3CE61CB857
                                                                                                                                                                                                                        SHA-512:76953B2521787C35EDA8AA4625C33AFE92497B65F04B9A4B0E682D390E2DE47A91099EA7C1B84638F390502793C1A8171AAB85C5E787008C80C4F23B05AD47B8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..@..........b>... ...`....... ..............................U\....`..................................>..O....`...............H..H(..........8=..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................D>......H.......@B...t...................<........................................(l...*:.(l.....}....*v....(m.....}...........}....*..{....*"..}....*...0...........{.....{....j]i..-O..{....],..{.....jX.on...34.(o....{....op....(o......oq.......{......jX}......*.{.....{....j(......{.....jX.{....j(....%.Y ....j1.r...psr...z.Y.......(o....op....(o.......ioq.......Y(s...........(t.....{......jX}......*..0..<...........3...{....X.+...3...on...X...j/.rA..psr...z..}.....{....*.0..F.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\HypervisorsCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138824
                                                                                                                                                                                                                        Entropy (8bit):6.148850658916972
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:y33DPnEZQttmdS6Wa2EJjtpUGzhv95Awth4G3LatfNFAfhrU:oTPzJ6W12DqNFWrU
                                                                                                                                                                                                                        MD5:D7F11F4F22DCA93BF7B5FD7C744EAC83
                                                                                                                                                                                                                        SHA1:9AEB0DEC0688737E25CA13CB159B0F3A618F6BCF
                                                                                                                                                                                                                        SHA-256:A5DB70A8D4AC887F562012E02CF349E36898ED112B8BAC9B747B7F23D1661A77
                                                                                                                                                                                                                        SHA-512:B71504CAE7132E0E5F93266F074AD9EDB0120A02C43C7583A7D1E62A5695BBCB812D087481CDAA75B8A37B6A52E757305367E281384BBCD4B0EECEB1E50EEDC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.<..........." ..0.................. ... ....... .......................`......^>....`.....................................O.... ..,...............H(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...,.... ......................@..@.reloc.......@......................@..B........................H............\..................L.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*..(.....r...p(.....r...p(.....r...p(......(....*r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..J.........s....}.....(......} .....}!...("......-..........+..(#...}$....,..o....*2.(%...o&...*..{$...*2.(%...o'...*..{....*2.((...o)...*..*..{*...*"..}*...*..{ ...*....0..;........(%...o+....{!..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\PvsVmTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.95065153461183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:D/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh8jXTBxGQe2p4UEcGQ6xJYm:LrZn7y/EGuH/cpiUTk0
                                                                                                                                                                                                                        MD5:DB3BDCDEDC59E29178B7F54D87B41C62
                                                                                                                                                                                                                        SHA1:02A9DFB053A6D2B25A2460065FC55C2A4CCB7B75
                                                                                                                                                                                                                        SHA-256:A0D7D172F50026F44AFE728DB76EBA98CFFF859CBE9C620EAF30D748229662C1
                                                                                                                                                                                                                        SHA-512:B27BCED021D8B5D9816A5277D526D34756A93A0C193EC6B3821C227BB43E5CD8E6CE90083CF0637DD82E50407E2A28802A527B98BAB1EAB8E55432B264980B52
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix...................win ....Wi2k...........................l.....<......#...............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\PvsVmTemplateForPreparationVM.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23078400
                                                                                                                                                                                                                        Entropy (8bit):1.1328074820682268
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:KrZn7y/EGuH/cpiBn6A9s0erAGCrZn7y/EGuH/cpiBfd+:yUDuH/c8N9s0+wUDuH/c8
                                                                                                                                                                                                                        MD5:14CF8A6B711753773D9971A6D1D98436
                                                                                                                                                                                                                        SHA1:806EC3E61015DB6E86AE6A6E7B65C4A24A004E24
                                                                                                                                                                                                                        SHA-256:6F26ED14F678EFECCA13B003F2E218429C455D037A2D37E8220EB3A7EF8BCED6
                                                                                                                                                                                                                        SHA-512:E380A0CD483AFC4E0BB1CD80DEC4D2BA62B419B2291AF894F4B4A7F0385C94C1CFE17DCD33B758F124DB799D6EC28FBC487C6B28645FFDC7BE034A377B47A131
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix................(...sdb ....Wi2k....@.......@.... .?...........W....-...GL............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....u................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\bdm.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:DOS/MBR boot sector; partition 1 : ID=0xee, start-CHS (0x0,0,2), end-CHS (0x3ff,255,63), startsector 1, 4294967295 sectors, extended partition table (last)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20972032
                                                                                                                                                                                                                        Entropy (8bit):0.42137146875552817
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:i0Y/APlGGWY2WY7tb0S5Dl6Qu3M1z93Lr9vACZBvWtcCOVBwXtfDkGS:C/JYtYVDlPZp3lvACitcx+dD
                                                                                                                                                                                                                        MD5:7879E75500F7DC8CB615DE1DBEE7A180
                                                                                                                                                                                                                        SHA1:D0D0C998E19DEB7CF3D23090E5C715AC2CBDB826
                                                                                                                                                                                                                        SHA-256:1DB64DAD348CC6394F7DCCF126419D9427D73CD85DA7F1AADCCECAF89620E647
                                                                                                                                                                                                                        SHA-512:67419D3B7505E70966B13F5F1F920BAC323FDE6288DC30F081D3F283CBC8BB7F181D9E14584CA2827073D11629334BFF0A05AC055846B0A70D9764304909275C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.EFI PART....\...M..s...................."..............<.a...@..Y[/yE................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.Types.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):77896
                                                                                                                                                                                                                        Entropy (8bit):6.279842647751867
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:KTu1lirCE6WbHQiTvkETvHjH2HuCSSl17NQxu:KTYWCtawiTkW7HIuCSSl1hx
                                                                                                                                                                                                                        MD5:C951CB54E676F4FFF8F63F1C70CB1D35
                                                                                                                                                                                                                        SHA1:836FD9BC87CCA73962957BB5CB66C9D73E713038
                                                                                                                                                                                                                        SHA-256:084EF1BB4A492A84BFEEDB8FB56967034C04DA83F71112E0277001FEFB813D13
                                                                                                                                                                                                                        SHA-512:7EAD654563698C81970C658F3C0BCD4770D0718C5C20CFA651EED8C1CEA5F58E13482EF1DE5F622BBE835BCA8C2455AF3D1F1E96482BCC59E59FF3BA92BE7120
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`............`.....................................O.... ..................H(...@..........8............................................ ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......tQ......................(.........................................(....*:.(......}....*V.(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..;........(....(....,..*.(......(...+,..*(....r...p.(....(....s....zR.........o....(....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(....*:.(......}....*...0..x.......( ....o!...-..{....ra..p.(...+r...ps#...z( ....o!.....($...,..{....rC..p..(...+.*.{....r...p.( ....o!...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.Wcf.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):284744
                                                                                                                                                                                                                        Entropy (8bit):6.073141433492261
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:KTKRVCGM8QYTxIHZHpXDcDHyt2V31CDDc1z4sxPX5k9ztuOw37VJ5hH:KeiGNyHZHQStS3cDDc1vxPpiztunxH
                                                                                                                                                                                                                        MD5:FD605A6D980CA8F8CFAE450F8EE32267
                                                                                                                                                                                                                        SHA1:6FD00AB7F9F3D88685C2FE7822AB1882D3BEF07E
                                                                                                                                                                                                                        SHA-256:E910F464058B4764FE42D60C6278F1DB87DE2DC6E707B72AAF4491643CE50DB3
                                                                                                                                                                                                                        SHA-512:BA21A06056923AB35B16395EA02D48EB0736A961D796CCBE7EF930959EFFB0F7C2C58E7AB4A6EBC3B02269856CD1266583AF97932F38915439B97D6650030786
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....x..........." ..0..&...........D... ...`....... ..............................8j....`.................................FD..O....`...............0..H(..........0C..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................zD......H........v.......................B........................................{$...*..{%...*V.(&.....}$.....}%...*...0..A........u........4.,/('....{$....{$...o(...,.()....{%....{%...o*...*.*.*. |_.. )UU.Z('....{$...o+...X )UU.Z()....{%...o,...X*...0..b........r...p......%..{$......%q.........-.&.+.......o-....%..{%......%q.........-.&.+.......o-....(....*..{/...*..{0...*V.(&.....}/.....}0...*.0..A........u........4.,/('....{/....{/...o(...,.()....{0....{0...o*...*.*.*. L..y )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.HypervisorCommunicationsLibrary.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):62536
                                                                                                                                                                                                                        Entropy (8bit):6.0676641896646695
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:kuOV3mTNB8O5f+CPzkSMYUvjAYH2KwwfkMImHTxabBTWJ7lYiRvPAMxkE+d:8V3mTN9MYkSMYzM/HTQQL7NPxid
                                                                                                                                                                                                                        MD5:D5813C8F21AB51392CEECDF3D731FE0B
                                                                                                                                                                                                                        SHA1:8F76EF7FB89A227FA2496E554268F69F8A572683
                                                                                                                                                                                                                        SHA-256:EFFFD732EE1DA5574625402B0DA7DCE923457682D11B468CF52EE72E459E470A
                                                                                                                                                                                                                        SHA-512:2C2620C09208CE74D542947010D0E502203286E44E5B5417758CCF597D55FACA784818B6BD5B0F6CBAF0078EC66F752CB7B09C7C9E78EA0947C0DB86DF6D51D0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R..........." ..0.................. ........... .......................@............`.................................v...O.......................H(... ......h...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......X!................................................................(....*:.(......}....*:.(......}^...*..{^...*~r...p(.....w...re..p(.....x...*..(......}.....~....}.....s....}.....~....}......}....*....0..'........(#.......+......{.....o......X....i2.*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*.BSJB............v4.0.30319......l....R..#~...R..$O..#Strings............#US........#GUID..........#Blob...........W..........3........A...Z...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.MachineCreationAPI.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):61000
                                                                                                                                                                                                                        Entropy (8bit):6.244799465732791
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:BG/KZYMUCQyGO9leMNjQfdcteovjYsnxawXZ5ScjJu5syKsFX8nJ0aYiRvbhAMxw:c/Uiile2Qfd8Tssnwc9j0NOr7NNxw
                                                                                                                                                                                                                        MD5:3576D847768ADF848044315663505C72
                                                                                                                                                                                                                        SHA1:B68D9318467A9FC6F5652A8F19707E9F0538A632
                                                                                                                                                                                                                        SHA-256:B47993ECC7379125B0F2E2B2007F4255449CBF0D6352FB8AAB18DEE48EE181D0
                                                                                                                                                                                                                        SHA-512:DC6B8D18693E3532BC9700CF2E50F4271750071542DD720F6E00230539BA47BC1BD1E65DFEE94F70397A53CEF0BEC608219199E9F2524AA54CD6D527604D0908
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]&..........." ..0.............2.... ........... ....................... .......E....`.....................................O.......T...............H(..............8............................................ ............... ..H............text...8.... ...................... ..`.rsrc...T...........................@..@.reloc..............................@..B........................H.......L2.. ...................l.........................................(....*:.(......}....*.........(.......}.......}.......}....*..{....*..{....*..{....*r.(......}......}......}....*..{....*..{....*..{....*..{....*..{....*..0..K...............(.......}.......s....}.......}.......}.......}.......}.......}....*..{....*..{....*..{....*..{....*..{....*..0..T........(......(......(......(.......(.......(.......(.......(!......(#......(%......('...*..{....*"..}....*..{....*"..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.ManagedMachineAPI.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):47688
                                                                                                                                                                                                                        Entropy (8bit):6.2881347196202135
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:lQ/JVp7EXv/COD6IaUNHtAS3poDL1XHASQlAlM0gGT9VoO44JwXYiRviAMxkEy:gpQVaU9tAeolXHoF89Rm7Ngx2
                                                                                                                                                                                                                        MD5:57558DF83002CCCE7282E82375D6CD23
                                                                                                                                                                                                                        SHA1:8E4CB4D77FD62A8D43E8A834360C5A6C4CF566C0
                                                                                                                                                                                                                        SHA-256:8989BCEC431B647830031533077A8290762F90A2126D2EC922BA6F38F837A825
                                                                                                                                                                                                                        SHA-512:DB3FA5101A3C8913B4754BC297F3516E3A34DA41F0CFCF8FF8679A77DCC39D135C3B02656D5B8F03479F5751F5519502EBAC3871BD7A1BA87B6327EDFF1C210F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H............." ..0.............j.... ........... ..............................&.....`.....................................O.......T...............H(..........$...8............................................ ............... ..H............text...p.... ...................... ..`.rsrc...T...........................@..@.reloc..............................@..B................J.......H.......D-..`w............................................................(....*:.(......}....*..0..Q........(......(......(......(.......(..............(..............(..............(....*....0..D........(......(......(......(.......(.......(.......(.......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..........(....r...p......%..(.....%..(..........%..(..........%..(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):69192
                                                                                                                                                                                                                        Entropy (8bit):6.264733602895141
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:cpzUlctlFuJbvsrc7rvBwzqKeJ48+jUEcmBbUypbQSvSTRJ307Ngxx:cNUEy57LurYElwypbQSvSTRJ30h8
                                                                                                                                                                                                                        MD5:A2C8CA22B2E02CA78C1EA9EDC2FEB3AF
                                                                                                                                                                                                                        SHA1:6670DE0969B24A95EDA2D6BE22265356E4E2045B
                                                                                                                                                                                                                        SHA-256:EEDA7BB49EB75253F75B4CDDF57CED2AE979F565D1CB51C6BD0F5D6B61A40EC9
                                                                                                                                                                                                                        SHA-512:E2CAFCC5D5F5930EE95D88A917A23A4713196F647CE4C7649A86F3FC0B08071E99FFFFAD7470466607BA12EA4B1572AFB6E7B47795E83EF65D3DF6D3AC263020
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@....... ....`.................................U...O.......................H(... ......l...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........Q..............................................................(M...*..(....*^.(.......[...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*.0...........,z.u\.....-y.u]...,...]....+m.u....,........+l.u......-s.u....,.........+k.u....,.........+d.u....,.........+].u........-\+kr...p..+o...+j..(....(......+Z........o......+I.(......+?..(......+4..(......+)..(......+....(....o......+..(....(........*.0..?.........(......,...3...+...(.....s ....+...(!.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.AssemblyResolver.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20552
                                                                                                                                                                                                                        Entropy (8bit):6.667489560107046
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:SzvR3JuBw+ZsElzh2Vka3DWJLftIYiArevjcHAM+o/8E9VF0NynX:eIwGlLqka3DWJLyYiRvjcHAMxkEx
                                                                                                                                                                                                                        MD5:B4FB4C4B348D4E0DF8BFF4FFF8886AE1
                                                                                                                                                                                                                        SHA1:7B0AD08BB995968BD504EECA407E582B2C96EFA1
                                                                                                                                                                                                                        SHA-256:FC2E6A213C4C87B628706F77D91E7A92C4D0EFC7348039BC07FA1E41213F8163
                                                                                                                                                                                                                        SHA-512:67C48215EE3A47A138C685AA62C869C39A882BC37C45CEBC852E1C3CBBD28747E5613668986141F7EB9E6501790B5F1CFAB7CA5D39DCABD4A02EE74035918FC7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3s..........." ..0..............<... ...@....... ..............................Q.....`..................................;..O....@...............(..H(...`.......:..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................;......H.......|$......................D:........................................(....*:.(......}....*..0..?............(....o....o....(......(....,..(....(...........s....o....*..(....*..0...........(....,.*..r...p(.......(...%.r...p.%.r7..p.%.rY..p.%.rm..p...(....-..G.......+*.........(........(....,.....(....`....X......i2..,.(......&..*..................0..........s.......o....s ...}.....{....o!.....(....,..*.(....o"..........s#...(...+...(%...,[(....o&....+:.o'....{....~....%-.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utilities.EnumCache.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.749016244766599
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:XKuwlxifhd7xcpJU8IYiArevldAM+o/8E9VF0NyZMvg:aL2d7xcpJUtYiRvldAMxkET
                                                                                                                                                                                                                        MD5:F4EB32EBC5CCE9551E70B11C5EECBCB8
                                                                                                                                                                                                                        SHA1:CFA37A142A0720A351AE9C6ABB108E7E91A8A3F8
                                                                                                                                                                                                                        SHA-256:0E56236CE10102E909E92842B21FEF54B3FD66A0219101B15554C7BB9AB2DFD2
                                                                                                                                                                                                                        SHA-512:616CCDDC27973515CC1C7E34FDD33D14C441BD6355CCA442496F2365D097AD5B3CC184C86F906EC9D149B71B32095C6D22A0E89613F7A95616A6D4DB3F6FE885
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............2... ...@....... ..............................{R....`.................................b2..O....@..................H(...`......x1..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H........!..$....................0........................................(....*:.(......}....*N.{......{....o....*..0..1........s....}....s.......}.....(............s....}....*.s.........r...ps.........r...ps.........r...ps.........*J.{.....~....o....*..(....*J.s....}.....(....*Z~..........s.........*F~.....~....o....*..(....*.s.........~..........s ........*..(....*6..{....o!...*.s.........*..(....*2.r...po!...*.s"........*..(....*N..r...p......o!...*...BSJB............v4.0

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Citrix.Xaxd.Utils.Strings.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32840
                                                                                                                                                                                                                        Entropy (8bit):6.432250699968588
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:QHOWSvOnkGc0Ak+i40lzgAqrQLFPsnJEIYiRveAMxkEho:iOWKOnS0Ak+pnXNF7Nsxi
                                                                                                                                                                                                                        MD5:54ABD6D1EEF5FD0803A5CBE83E3B0CEC
                                                                                                                                                                                                                        SHA1:2F7555EDE62A7D4CA4CB4CAE7C647F61190FEF3E
                                                                                                                                                                                                                        SHA-256:4D956E05185160C5FD50F9BB676193F3EE7BD5AB69505FD7C5D9ABBD2F938731
                                                                                                                                                                                                                        SHA-512:EF30307461B381A73391E8FDBE5058097A8B136B9992FE29B6D0D50682659653307974F3B20C1E296CA50528015FD4C6CC7C73EED4ECA1D7471890BCF97DB280
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..N..........Jm... ........... ..............................c.....`..................................l..O....................X..H(...........l..8............................................ ............... ..H............text...xM... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................)m......H........8...3...................k........................................(....*:.(......}....*..0..p...........7....(.......8....+=..o......(....r...p(....(........%.X.r...p..r...p(....^(.......2..s.........,..o.......*........Tc.......0../.......(.....+...8......o...........4......,..o......*..........#.......0..G........(.....,+..}......(.....( ...}......|....(!...}....*..}.....~"...}....*..0............(.......(.....*.....................{....*.0..2........(....,(s#.....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\Microsoft.WindowsAzure.Configuration.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28352
                                                                                                                                                                                                                        Entropy (8bit):6.682331503348516
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:wJVgBIO0MJwpn6pnhrC5xajWUZ9NK0389mJKWDhbWRC77q0GftpBjRXSfERHRN7y:oVgBIO0MJwpn6pnhrC2JLzfRijoEBSl
                                                                                                                                                                                                                        MD5:7134C1C88801689C001744784AC475B3
                                                                                                                                                                                                                        SHA1:8167A8A7CB91ECEB0F806E3F75F58E5AA4901ACA
                                                                                                                                                                                                                        SHA-256:C6B0142E7E1A1E0802848A4CF273B76C4DD789C3C8DC13CC696C70CA07E80CC0
                                                                                                                                                                                                                        SHA-512:D1BA1110921DB11195AD04D79C1BCCD541D2AF710587C00BD492EFA6F0A7A6D6E89EA3CABF0D9F3660F4999C976CA3C04242B1C3899D5A3E11A009B9DF49FB10
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X.........." ..0..&..........vE... ...`....... ....................................@.................................$E..O....`...............0...>...........C............................................... ............... ..H............text...|%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................XE......H........%...............A......lC........................................(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*V(....rY..p~....o....*V(....r...p~....o....*..0..G........-.r...ps....z.o....-#(....(..........%.r...p.(....s....z(.......o....*..0..F........-.r...ps....z.o....-#(....(..........%.r...p.(....s....z(......o....*"..(....*..0..:.......~....--~..........( ...~....-.s............,..(!....~....*...........*.......s.........*.0.............&...%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\RemoteHCLCLient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1478728
                                                                                                                                                                                                                        Entropy (8bit):5.795446606132023
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:6ST2Xua5idkbcjetiundKglj94gOh5FtqwVDkrFtZBT:aXuCiaDdN4gOLFtqwVDkrFtZR
                                                                                                                                                                                                                        MD5:9C1DE33CDC0EE218C723FE44BD9A2EE3
                                                                                                                                                                                                                        SHA1:506344579A05FC616A0E9C8D3530F77B0FD1BD04
                                                                                                                                                                                                                        SHA-256:59717DB0FCEF81DBE9EEC0F09648221D844B6ABED6FB59DF8033693E67E20DF4
                                                                                                                                                                                                                        SHA-512:F4F9F2327BD0D0C0DEDAB5A80D7CCB492D9E00A8662E85D1503F5755F71A5ECC7A4ABC6C9E97CB16D6E52C400FC3DD9EA635ED9EE4861289CCB9F2108BF02851
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..^..........R}... ........... ....................................`..................................}..O....... ............h..H(.......... |..8............................................ ............... ..H............text...X]... ...^.................. ..`.rsrc... ............`..............@..@.reloc...............f..............@..B................4}......H............h...................{........................................{1...*:.(2.....}1...*..0..)........u..........,.(3....{1....{1...o4...*.*.*v .qP. )UU.Z(3....{1...o5...X*..0..:........r...p......%..{1......%q.........-.&.+.......o6....(7...*..(8...*:.(8.....}....*"..(9...*&...(:...**....(;...**....(<...**....(=...*F.(>........o....*F.(>........o....*:.(>.....o....*:.(>.....o....*^.(>..............o....*>.(>......o....*>.(>......o....*2.(>...o....*2.(>...o....*6.(>...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Configuration.ConfigurationManager.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):91264
                                                                                                                                                                                                                        Entropy (8bit):5.352794878474568
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:KUygsS6BeXYgnQNrh9BhejkpvStZnQ+2/NVQ8GLa0Uh55T3lEC/IOPbZtxqN4bES:Eh8a9BheBQ+2/NVQ8GLa0Uh55T3lEC/J
                                                                                                                                                                                                                        MD5:0DC8E149BBAFAF4A6DE3F84A3E089B6F
                                                                                                                                                                                                                        SHA1:0F5CC37FB1B85D87FF3C37A25BABBECA556FC013
                                                                                                                                                                                                                        SHA-256:0C636BEC5A50D15643210995E27D701D9DB5BFD5A3B1E44EE946AF33CC98D165
                                                                                                                                                                                                                        SHA-512:3635F2E1F00712D872F2B79B159F41C73EAE09B8A365D331325B89F3666900BCAD56DAC6B8A63BBE6216748FFF8FA474A9AD131DB4BF14F3441337EEB9DF6F9E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....#1..........." ..0..0...........N... ...`....... ....................................`..................................M..O....`...............<...(...........L..T............................................ ............... ..H............text........ ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............:..............@..B.................M......H.......L-..................0...8L........................................(....*:.(......}....*.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):173232
                                                                                                                                                                                                                        Entropy (8bit):6.261323355738202
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:bNcLPcNABKuTwIxpRoZgM4U2Ny1jb54rbHXrwZ2F3c:p1NAB9qZgM4U4qnQwl
                                                                                                                                                                                                                        MD5:ECA216927ED487613B7A042FC643BD8F
                                                                                                                                                                                                                        SHA1:030BBD6D404138A5DE6AD850269985372C89D9EB
                                                                                                                                                                                                                        SHA-256:5B8CCDDA36486950DE37484C25E1334376431E52176C32F87DD730690B273E3B
                                                                                                                                                                                                                        SHA-512:C234B5A11E14B5DA6CC940BC0D989C0F64C73E66CFE62970ECDB5DB37F1E86A163861987A947A3C6FE93291557356F1F1C1FBBFA2187DD61F4A9235C1E374E78
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'..........." ..0..p.............. ........... ....................................`.................................s...O....................|...(..........t...T............................................ ............... ..H............text....o... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B........................H...........(...........4................................................{....*:.(/.....}....*..0..)........u%.........,.(0....{.....{....o1...*.*.*v ..yN )UU.Z(0....{....o2...X*..0..:........r...p......%..{.......%q'....'...-.&.+...'...o3....(4...*..{5...*:.(/.....}5...*....0..)........u(.........,.(0....{5....{5...o1...*.*.*v ..:. )UU.Z(0....{5...o2...X*..0..:........r-..p......%..{5......%q'....'...-.&.+...'...o3....(4...*..{6...*..{7...*V.(/.....}6.....}7...*.0..A.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Memory.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):142240
                                                                                                                                                                                                                        Entropy (8bit):6.142019016866883
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU
                                                                                                                                                                                                                        MD5:F09441A1EE47FB3E6571A3A448E05BAF
                                                                                                                                                                                                                        SHA1:3C5C5DF5F8F8DB3F0A35C5ED8D357313A54E3CDE
                                                                                                                                                                                                                        SHA-256:BF3FB84664F4097F1A8A9BC71A51DCF8CF1A905D4080A4D290DA1730866E856F
                                                                                                                                                                                                                        SHA-512:0199AE0633BCCFEAEFBB5AED20832A4379C7AD73461D41A9DA3D6DC044093CC319670E67C4EFBF830308CBD9A48FB40D4A6C7E472DCC42EB745C6BA813E8E7C6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`.......>....@.................................`...O.... ..@................'...@......(................................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddInViews\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18024
                                                                                                                                                                                                                        Entropy (8bit):6.343772893394079
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo
                                                                                                                                                                                                                        MD5:C610E828B54001574D86DD2ED730E392
                                                                                                                                                                                                                        SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
                                                                                                                                                                                                                        SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
                                                                                                                                                                                                                        SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."..h$...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v*...#.;.-.h.......0..#.....a5|T%W...].!.%'..9.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\AddIns\AddIns.store

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):589
                                                                                                                                                                                                                        Entropy (8bit):5.254846093055834
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:NJ5oDLI4MW0Tn1sJrK98AsoDLI4MWJcK98AsoDLI4MWhtHFDEX/:9AE4gTGJrKrsAE49cKrsAE4zFgv
                                                                                                                                                                                                                        MD5:16829DF43ABC7FD08EF2D7B574D59D38
                                                                                                                                                                                                                        SHA1:0A033135109B993241D538044ED36DB6732F6564
                                                                                                                                                                                                                        SHA-256:82EF71E8965997C44AFE6B15B8C9C119A3755162AB929CAA5949B33B64B85FA6
                                                                                                                                                                                                                        SHA-512:5545805C021A866649264A1BC14BA2D6CBBDE813E29A8D97BFED40110B8DADBDE7201C46BAFCDDFB632935A85509BEC19C37C7CE126A8F69AC021B84681193CD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:....A.............................OSystem.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.....)System.AddIn.Hosting.AddInDeploymentState....._addins._fileCount....System.Collections.Generic.List`1[[System.AddIn.AddIn, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].....................System.Collections.Generic.List`1[[System.AddIn.AddIn, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]....._items._size._version....System.AddIn.AddIn[]...................................System.AddIn.AddIn.....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HCL.Shared.Contracts.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.689631530438923
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Oj1jV2K3S+/Ftv/2vtJ3xIYiAreviAM+o/8E9VF0NydL:Oj1CGb/2vtJ3mYiRviAMxkEn
                                                                                                                                                                                                                        MD5:905E4ED395AA5B1F78B40D99D4C95115
                                                                                                                                                                                                                        SHA1:D65145FF92E09FA3BBE7A6FC80267AD06370DE09
                                                                                                                                                                                                                        SHA-256:D9545A7164C9952E3A70051CBB1D023D76AB3BAECC8CB244A5918C7360F105F0
                                                                                                                                                                                                                        SHA-512:FEF3D2005BC1B8A3EA210C7694F1010FB495B329CB07A4105B8BD4016A771115AFF1E93D1397C8D393CE5E538DC1257B9B95938B7F53A78280E5AB8861F87A12
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............N2... ...@....... ...............................O....`..................................1..O....@..h...............H(...`.......1..8............................................ ............... ..H............text...T.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B................02......H.......h .......................0........................................(....*:.(......}....*.BSJB............v4.0.30319......l.......#~......H...#Strings....4.......#US.8.......#GUID...H.......#Blob...........W..........3......................................................................y...........$.....$...W.....U...........,.......................5.D...k.......................I.$................._.....$...+.................e.......................'...................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Contracts.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):57928
                                                                                                                                                                                                                        Entropy (8bit):6.14002636086903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:m+XYejRrqF6P348mccolOj0AETww8RabOAcTkQJ8eYiRv0vAMxkEC:PY+WF6XmbolnbSdv7NSxm
                                                                                                                                                                                                                        MD5:4DF29E7D24214A0DE7230F460EDA621A
                                                                                                                                                                                                                        SHA1:1235EF993320E1B043CA0BE4D69378C73191A9DB
                                                                                                                                                                                                                        SHA-256:99B26A281EA28D19D9EB245A2A7D1E0F69F9EED7CA0586DEAC1DB41697C0999D
                                                                                                                                                                                                                        SHA-512:5A8912398D72DC3F08216A85ACE9E9B7912C35B53897F9ED7268EE368021D6A3FAB40246EB1231B15E0184394F616B49C89F95CB5369B645F78D36DE095ABF6C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m............" ..0.................. ........... ....................... ......2.....`.................................J...O.......................H(..........(...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................~.......H.......h ..@.............................................................(....*:.(......}....*.BSJB............v4.0.30319......l....O..#~..<P...J..#Strings....,.......#US.0.......#GUID...@.......#Blob...........W..........3........<..._.......4...p...........u...t...A.......r..........................).....).....(...).......#.....#..f..#.....#..5..#.....).....)..P.....2..#..O..#.....).....#..u..#........S..)........k4..........n.I(...6.6...@.3...A.3..{E.......6..:..4....d/..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.HypervisorCommunicationsLibrary.Models.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22600
                                                                                                                                                                                                                        Entropy (8bit):6.641758028170825
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:yBMFcXKGSGC0BnhretBvE5G5rJhoIYiArevaZHTAM+o/8E9VF0NybZj:iUcXbjthrKFE5G5rJhxYiRvaNAMxkEL
                                                                                                                                                                                                                        MD5:749212B058ABED51628D55162FD2DDB9
                                                                                                                                                                                                                        SHA1:6B7EB15CDDA438B6638AE13C0108A6A629A32401
                                                                                                                                                                                                                        SHA-256:ABA2D87AFD0B997EE6C38E91E9DE732156C7256F23B92E3CF10518E1A66098FB
                                                                                                                                                                                                                        SHA-512:E61A94F2A8EBB0993F02B9D6BACB27ACFF46245D92B47D589CD18DFF805177E909D070655A6348F14D12932CC293A44EAAFEE6A3D538DE39A72E5750E4B78D6F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..&...........D... ...`....... ..............................:R....`.................................4D..O....`...............0..H(...........C..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B................hD......H........#.......................B........................................(....*:.(......}....*..0..d........(......(......(......(.......(.......(.......(.......(.......(.......(.......(.......(.......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*r.(......}......}......} ...*..{....*..{....*..{ ...*.......%.r...p.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.ManagedMachineAPI.Contracts.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33352
                                                                                                                                                                                                                        Entropy (8bit):6.348080149070903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:GM7Kg9oUuYHjf+/GXvyJ3dYiRvOAMxkEB:j7mUuYHa9X7N8xt
                                                                                                                                                                                                                        MD5:97E6E5B26D600DFCA5ECC1436F9C1841
                                                                                                                                                                                                                        SHA1:49DAC17DA2EDD6ADA42B6A0B9295F46F42DE3C1A
                                                                                                                                                                                                                        SHA-256:568376892905FFE632FC14D16A636D77741336BA4F04CB5C85AEFADF4C9BE476
                                                                                                                                                                                                                        SHA-512:DB961502138BB98A1E516D98D8BFC9CE752473FA9D903E9883E5D49C86992E9A9B956AD36AE1745D2133DC8AF909100BFFE79BE6BEE8B373D25AA63F4E269CE9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\+..........." ..0..P..........Bo... ........... .............................._.....`..................................n..O....................Z..H(...........m..8............................................ ............... ..H............text...HO... ...P.................. ..`.rsrc................R..............@..@.reloc...............X..............@..B................"o......H.......h ...M..................hm........................................(....*:.(......}....*.BSJB............v4.0.30319......l....#..#~..<$..l...#Strings.....C......#US..C......#GUID....C..D...#Blob...........W..........3........(...E...w.......u...G.......g...^...#...p...........................Z...........4.m.........\...................................H.......................&.................s.t...............=............................."...........7.....+.!.........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Citrix.Xaxd.Utils.Strings.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32840
                                                                                                                                                                                                                        Entropy (8bit):6.432250699968588
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:QHOWSvOnkGc0Ak+i40lzgAqrQLFPsnJEIYiRveAMxkEho:iOWKOnS0Ak+pnXNF7Nsxi
                                                                                                                                                                                                                        MD5:54ABD6D1EEF5FD0803A5CBE83E3B0CEC
                                                                                                                                                                                                                        SHA1:2F7555EDE62A7D4CA4CB4CAE7C647F61190FEF3E
                                                                                                                                                                                                                        SHA-256:4D956E05185160C5FD50F9BB676193F3EE7BD5AB69505FD7C5D9ABBD2F938731
                                                                                                                                                                                                                        SHA-512:EF30307461B381A73391E8FDBE5058097A8B136B9992FE29B6D0D50682659653307974F3B20C1E296CA50528015FD4C6CC7C73EED4ECA1D7471890BCF97DB280
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..N..........Jm... ........... ..............................c.....`..................................l..O....................X..H(...........l..8............................................ ............... ..H............text...xM... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................)m......H........8...3...................k........................................(....*:.(......}....*..0..p...........7....(.......8....+=..o......(....r...p(....(........%.X.r...p..r...p(....^(.......2..s.........,..o.......*........Tc.......0../.......(.....+...8......o...........4......,..o......*..........#.......0..G........(.....,+..}......(.....( ...}......|....(!...}....*..}.....~"...}....*..0............(.......(.....*.....................{....*.0..2........(....,(s#.....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FMAUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):53832
                                                                                                                                                                                                                        Entropy (8bit):6.291618786751576
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:OX6XG5H6R4Jn0sBC3ZRRIsUUMKeD8L7NyKxdC:S6XG5aR4URRXU7ILhk
                                                                                                                                                                                                                        MD5:C35697FA55E4E1DAFB826A0649A3EAC4
                                                                                                                                                                                                                        SHA1:B68CC146E4ACFD614C4BE26432CDD2A15874D6C9
                                                                                                                                                                                                                        SHA-256:FD522D60C27FF7202A8F2CE9E58091069892EB1CA9D475AC50B2987ED2ED6FEE
                                                                                                                                                                                                                        SHA-512:20857724746AE42A66456FAF9D722CCF3B03B3CB268B82F6EA7FF8E6CF26E0710290B0AB9A38ED4BC67A8BC644119C3CF74D03915C5B25227F56576C3AE70310
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S^5..........." ..0.................. ........... ...................................`.................................:...O....... ...............H(..........`...8............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B................n.......H........J...r...........................................................('...*:.('.....}....*..0..:.......s(......s).........io*......,..o......o+.......,..o......*......................(........0..k........s,....s(......s).... .....S.....+......o*..........io-...%.-....,..o......o+........,..o......,..o.......*..(......+@..........GT..........W^.......0...........s......%-.&(...+o0....8.....o1......(2...r...p.(3...,!..(4...(...+.3....(4...(...+o7.....(2...r%..p.(3...,!..(4

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaEnv.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19528
                                                                                                                                                                                                                        Entropy (8bit):6.6642651332110745
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:3WiWoaUzPHF38Lvrd2SbIYiArevKAM+o/8E9VF0NyAca:QyHF3erd2SkYiRvKAMxkEk
                                                                                                                                                                                                                        MD5:D8FAAB044E2CB8B06F22FC8AE4BE4065
                                                                                                                                                                                                                        SHA1:521A25E4C645DD349BFBBE6B9AFCEA9304CE37F8
                                                                                                                                                                                                                        SHA-256:5ACFDD60C8357314978F89D692BB690E5FD0B624A6254C6E71306C8AE2BFA413
                                                                                                                                                                                                                        SHA-512:5F710A526EB3092E540F43DB5784851DDBD1D36C44A8F245206B57E38335B112F0C0F567385785AB475F40C2556C0CB0D4E37EB0906FB21D6CC40FE6882E111E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(i............" ..0.............^8... ...@....... ...............................9....`..................................8..O....@...............$..H(...`......,7..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................>8......H........".......................6........................................(....*:.(......}....*&(.......*....0..,............(..........(....-.(......s..........*.*.0..,............(..........(....-.(......s..........*.*2.s.........*..~....%-.&~..........s....%.....(...+*..~....%-.&~..........s....%.....(...+*..0..Z.......(....r...po......-.r...p(......(....-..(....*(....( ...,.(!.....(....-..(....+.....&...*.*........9..S.......0..=.......(....r#..po......-.r#..p(......(....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaFeature.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46664
                                                                                                                                                                                                                        Entropy (8bit):6.5350647996431235
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:QPoVeBvr+SmBb/Acos2BiosUp+pqF049FaEmtK4ollWVV6brYiRvVAMxkEQV:QPtBjGBFo1ifUpuxFEmtK4Da/7NtxQ
                                                                                                                                                                                                                        MD5:149A58B07659288CF5AF12F281DC81D4
                                                                                                                                                                                                                        SHA1:32687CC91DFCE5FEB52AA33AC332BACFD057631F
                                                                                                                                                                                                                        SHA-256:DF17B2AE275E17F019D7B90243D7435254EDECD2BD557CFF7B083D14FBE78C66
                                                                                                                                                                                                                        SHA-512:20C5B545AA4FA44EC63478631BFB7AB127E7479FD22F8BA4F24B0D881B255A5B93BBE4614B1E890BB96CF2429520AC1FF2845E45B7F459385A9EECA0D9C4C3E3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#............." ..0................. ........... ....................................`.....................................O.......................H(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........#..4...................8.........................................(....*:.(......}....*..0..x........s ...}+....(!....-.r...ps"...z..%-.&r...ps"...z},....o#....+%.o$.....{+...s....%.}....%.}....o%....o&...-....,..o'....*......<.1m.......0..[.........}-....{+...o(....+1.o)......(....&r1..p..|..........o*....{....(...+.o&...-....,..o'....*.........=P.......0.............{+...o(....+^.o)......(....,Nr...p..!...%..{-....%..|..........o*....%..{........0....%..{.....0....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaLogging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):126536
                                                                                                                                                                                                                        Entropy (8bit):6.157244812120886
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:p+T0ALDroBX1thLGeopppS555KiTTTnjo/ApuOhSIrXhp0:p+WlthLGeopppS555KiTTTn5bBVG
                                                                                                                                                                                                                        MD5:DD5B712CCC880DD1C0B5CFDA72517BC0
                                                                                                                                                                                                                        SHA1:187129207C0BC10B84D39306A284B509798FBF49
                                                                                                                                                                                                                        SHA-256:DA7AF58ECC243F7195991A27C0D79C9C5876E189A5B08531E65E681548C580F4
                                                                                                                                                                                                                        SHA-512:39E4E39F8B4405EDE896F5FCE90189C0B6FC6BF6E45DC348E4F1FE66D787E8C15677FC936054A508E6AA9AD8C8DE49F006F70F30EADA5128A0AF9EF45A658014
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........." ..0.............f.... ........... ....................... ......n.....`.....................................O.......,...............H(..........4...8............................................ ............... ..H............text...x.... ...................... ..`.rsrc...,...........................@..@.reloc..............................@..B................F.......H...........(5...........................................................(2...*..(,...*^.(,......}...%...}....*:.(,.....}....*:.(,.....}....*...}.....~C...o-...}.....{......(....o....&..}......}....*..0..D.........}.....~C...o-...}.....{......(....o....&..}......,..(....+..}....*..o/....~...(0...(1...,.......(0...o2......*.*2.{....o3...*..{....o3....{....,.~C....{....o4...*:..}.....{....*F ........ZX(5...*:.{.....o6...&*..{....,..{.......(...+o6...&*.,..{.....o6...&*..0..4...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\FmaServiceStatus.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.801463268755362
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:cP6qaw9Vw+tfIYiArevbnAM+o/8E9VF0NyS4aC:nK9Vw+GYiRv7AMxkEbl
                                                                                                                                                                                                                        MD5:EB9DBE564B232FA8F78CC472113243CA
                                                                                                                                                                                                                        SHA1:501992A17118C53FEFA36D16E386675C3A873FE8
                                                                                                                                                                                                                        SHA-256:840777324327B5CC70D52758E07F793CB9B702050620CA9B98596D2A1FEAD73D
                                                                                                                                                                                                                        SHA-512:F72DCDD620031AE38951F5B1CAEDE0CB31FC7332FB5CCD49C3831B08370C2CD73AC5263C3DF141C888A10CC12EEF79246C3B2645BCA43C1D8BB7040F43F78602
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............3... ...@....... ....................................`.................................~3..O....@..$...............H(...`.......2..8............................................ ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................3......H........!..h....................2........................................(....*:.(......}....*..0..'........(.......}.......(...+,...}......}....*..{....*..{....*..0...........(.............o....*....0...........(.............o....*....0..I........u......-..u....,........+..u......-.+...(.....+...(.....+...(.....+....*..,..(.....o....3..(.....o......*.**.(.......*..0.. ........,..(.............o.....(....*.*BSJB............v4.0.30319......l... ...#~......@...#Strings........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.Logging.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66168
                                                                                                                                                                                                                        Entropy (8bit):6.244232305822381
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:bJSQpn6Ge9qAeIbNGgc+EnOZV2k8tDbBJKrwMuwZ5Xsel7Zuo7zZBTJRBttY4h0G:bbyqwNGgTtHXnZhttgOVeLfVjzSt
                                                                                                                                                                                                                        MD5:1A5BFF28FB38234646951AA48DA14620
                                                                                                                                                                                                                        SHA1:476E699A9AD01E6A455783497F57A9322D657F63
                                                                                                                                                                                                                        SHA-256:5BBE7C1D06585CAB5482B50B87A0DF3476A7617C5D849A75D6D91E013F2BC877
                                                                                                                                                                                                                        SHA-512:88CE7AC8F61DEB8D99AEFA6AFBE11EDD033D0274D1F69B51F2C099ABD99BFEAC66B6252E9F7B5BF52FFCC983618BF11590EF27B387CF61C22DF16DA70717FBC8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."Y#..........." ..0.............B.... ........... .......................@............`.....................................O.......................x(... ..........T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................#.......H.......|P..(...................d.........................................("...*..("...*..("...*^.("......G...%...}....*:.(".....}....*:.(".....}....*:.(".....}....*:.(".....}....**.-..(....*..s#...z.~....*...0..........(....,..*..(.....o$......&...*...................0...........(.......(%...-..,..*.*.(....,.r...p......%...%...(&...*..('...*.(....,.r...p......%...%...%...(&...*...((...*.(....,!r...p......%...%...%...%...(&...*....()...*..,&(....,..r...pr...p.(&...(*...*..(+.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\Microsoft.Extensions.ObjectPool.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25352
                                                                                                                                                                                                                        Entropy (8bit):6.507177539992328
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:3SvZrQrgFOADPcdpr0Wc32QW0NvTb2HRN7QVEnR9zVHpXW:3EugcwUdpWNv/iaER9zVJXW
                                                                                                                                                                                                                        MD5:3E1A7A9976DDE8020A6BB3F6F1A27600
                                                                                                                                                                                                                        SHA1:DC6E70E86FCF5EFA28C93D05B6CC77579BC15C02
                                                                                                                                                                                                                        SHA-256:4EB25A717DED583DBF26069D1EBC5A101CBB0060F3935F26447216CBBA53FA28
                                                                                                                                                                                                                        SHA-512:AC659CA2E0C2C6E5C8A2C12D15E5EAA8D0A252EEDC5DEB5B2BE605C3AA15A8CD2711B9B7C295EFE3D82F9DAE722D11621C9BD31D7765CC85DD5A7FF51124AF8B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........." ..0..0..........:N... ...`....... ..............................>.....`..................................M..O....`...............:...)...........L..T............................................ ............... ..H............text...@.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................N......H........'...$..................pL........................................(....*^.(....... ...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(.......!...%...}....*:.(......}....*..{....*z.(......}.......!...%...}....*V.(......}......}....*..{....*..{....*>..(.....Z(....*....0..V..........}.....(......{....%-.&r...ps....z}......{....u...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\PluginUtilities.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):42056
                                                                                                                                                                                                                        Entropy (8bit):6.302694163897485
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:0YBj8FwMf5zlGKH7c5xfFDBKpB4+JXGISa/kfXg9JBGAru5qxYiRv0AMxkE5Y:YFwMf5zlGKYLzKH4+pG8MfXgvX6w7NSw
                                                                                                                                                                                                                        MD5:03EC9714F8C6DC2E5FC6BEB95EDA2324
                                                                                                                                                                                                                        SHA1:F6D834323D35E4D59C5C526247C0548F3610628E
                                                                                                                                                                                                                        SHA-256:D45F9255D8F6C63B12A82FF212A4A17BF0A9829E333226FDC88EDED52D1042E6
                                                                                                                                                                                                                        SHA-512:B170B1758FFB2863DE002F8425B45BF215CC42AD76960821717433F90BC658C74A42C506C71245F49B331759AB652156D5201C7D9E5DC74BB755EC358194BDE3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].@..........." ..0..r..........&.... ........... ..............................m.....`....................................O....................|..H(.............8............................................ ............... ..H............text...,p... ...r.................. ..`.rsrc................t..............@..@.reloc...............z..............@..B........................H.......4:..@T..................t.........................................(....*:.(......}....*:.s....%.o....*f.-..-..*.,..-..*...(...+*.0..T........-.*.~....%-.&~..........s ...%.....(...+o"....+..o#......o$....o%...-....,..o&....*....../..I........('....s(...}.....s)...}.....r...p}....*>.('......(....*....0............-.s(...+.(*...s+...}......}.....-.r...ps,...z.~....r5..p(-...o....o/....+1.o0...(......{.....o....o1...-..{.....o.....o2....o%...-....,..o&......o3...}....*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Buffers.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                        Entropy (8bit):6.425485073687783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
                                                                                                                                                                                                                        MD5:ECDFE8EDE869D2CCC6BF99981EA96400
                                                                                                                                                                                                                        SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
                                                                                                                                                                                                                        SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
                                                                                                                                                                                                                        SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\Contracts\System.Memory.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):142240
                                                                                                                                                                                                                        Entropy (8bit):6.142019016866883
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU
                                                                                                                                                                                                                        MD5:F09441A1EE47FB3E6571A3A448E05BAF
                                                                                                                                                                                                                        SHA1:3C5C5DF5F8F8DB3F0A35C5ED8D357313A54E3CDE
                                                                                                                                                                                                                        SHA-256:BF3FB84664F4097F1A8A9BC71A51DCF8CF1A905D4080A4D290DA1730866E856F
                                                                                                                                                                                                                        SHA-512:0199AE0633BCCFEAEFBB5AED20832A4379C7AD73461D41A9DA3D6DC044093CC319670E67C4EFBF830308CBD9A48FB40D4A6C7E472DCC42EB745C6BA813E8E7C6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`.......>....@.................................`...O.... ..@................'...@......(................................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.HCL.Shared.Adapters.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27720
                                                                                                                                                                                                                        Entropy (8bit):6.530837073092152
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Mrtnm6oE866ZMDJtx+KKqJiiYiRvOAMxkEiP:N66ZM7p7N8xmP
                                                                                                                                                                                                                        MD5:0DFFA9A726EC6AC8931180B237BDC56B
                                                                                                                                                                                                                        SHA1:2683CD94CD15F700DC889D1BDF83A138F0DE9737
                                                                                                                                                                                                                        SHA-256:650555F1BD6A1D72591C147195282D642F0053CB812C4ACB96EDC55085E08CE1
                                                                                                                                                                                                                        SHA-512:91C10DAB8EFA50BBB0B639D839F19E9BB71150ABFDCA518A1E6A94D739EECDF62E0FEF4C09CB439968D30AFC4662E6105DA15EB904944DD0F669843B390B919A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%k..........." ..0..:..........:Y... ...`....... ..............................9.....`..................................X..O....`..h............D..H(...........W..8............................................ ............... ..H............text...@9... ...:.................. ..`.rsrc...h....`.......<..............@..@.reloc...............B..............@..B.................Y......H........)...-..................pW........................................(....*:.(......}....*..-..*.o.........(....(....,..t....o....*......s....*..-..*.o.........(....(....,..t....o....*......s....*..-..*.(....-#.o.........(....(....,..t....o ...*......s!...*..-..*.(....-#.o.........(....(....,..t....o ...*......s"...*..(#.....%-.&r...ps$...z}%.....}&.....}'......}(......})...*..{%...*..{&...*..{'...*..{(...*..{)...*2.(*...o+...*2.(*...o,...*..(*...o-...(...+.(/....(0...(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.HypervisorCommunicationsLibrary.HostSideAdapter.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):272456
                                                                                                                                                                                                                        Entropy (8bit):6.198803871592957
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:SF3RQzHb3L/L/d10smiwlL9AacslZlHPQ+g9Pek3I+D0ME4:IsmiwlZ68ZtpQ7E4
                                                                                                                                                                                                                        MD5:A0334C02833FD56C4ECFF6407C2F61E7
                                                                                                                                                                                                                        SHA1:82EF76AD84CBFC2F08D13B93A02F6E8F4A862585
                                                                                                                                                                                                                        SHA-256:FD2D7C9B862F053F99561D1AC0B811A351644CF592A563BA8C486464DFCA0054
                                                                                                                                                                                                                        SHA-512:C1CF56BA91A9387FACADD47DCE723FA2AB8794744324D963AA03F5FA30E86304366B0E3E9E1480EA48CE66CEB4545094A1B72B06171E966C3F96D3C64961559F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0.............r.... ... ....... .......................`......)H....`.....................................O.... ..................H(...@..........8............................................ ............... ..H............text...x.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................R.......H..............................p.........................................(....*:.(......}....*z..o....o......o....o....s....*z..o....o......o....o....s ...*F.{....o!...(....*F.{....o"...(#...*..{....-..{.....{....o$.....(....*...(.....{....-..{.....{....o%...*..{....-..{.....{....o&.....(....*...(.....{....-..{.....{....o'...*....0..M........((.....}......{....s)...}............s*...s....}............s+...s....}....*....0...........{....o,.......(-.....*..................0..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\HostSideAdapters\Citrix.ManagedMachineAPI.HostSideAdapter.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):114248
                                                                                                                                                                                                                        Entropy (8bit):6.187541789550847
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:f7QoZe/G9QmR1ZckIYeGopei71cQby/Z/nbUH6C82QCttoBV57yU7NzxT:f87G9XZF6eiSQbKZ/nbDyQw2D2Uhp
                                                                                                                                                                                                                        MD5:6A9FBD4B8E57F05D2967C48D806858AC
                                                                                                                                                                                                                        SHA1:FEF89F819FA616222006176E9E5E53965FFE4A24
                                                                                                                                                                                                                        SHA-256:14848822BD8F14215DF3F557EA135B7C23D4DB0F3DFCCFD22150989F5F1C76C9
                                                                                                                                                                                                                        SHA-512:2D00C43431A282C934B9238FCFEB18697261CEA7E9DDF4886EEF3AE4653AB78DC6B7A144B847F29D8082FCB537877773B08BA3A84CFD0F05AFAEFD35ED5FBA47
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ..............................\.....`.................................Z...O.......................H(..........H...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................................................................(....*:.(......}....*z..o....o......o....o....s....*z..o....o......o....o ...s!...*F.{....o"...(....*..{....-..{.....{....o#.....(....*...(.....{....-..{.....{....o$...*..{....-..{.....{....o%.....(....*...(.....{....-..{.....{....o&...*..{....-..{.....{....o'.....(....*...(.....{....-..{.....{....o(...*..0..d........().....}......{....s*...}............s+...sY...}............s,...s]...}............s-..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipeline\PipelineSegments.store

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36010
                                                                                                                                                                                                                        Entropy (8bit):5.468356478417086
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JLNtNYn15QmO2jN7NWnG5lmk2188b6sb6Xa8b88b6sb6Wk83b6zg67VUEQ3l0jrw:Oiva9CjWb80
                                                                                                                                                                                                                        MD5:0FEA1E34517EE6A97893BF7AA5722ED0
                                                                                                                                                                                                                        SHA1:784D09367F71D108ED52B4D35F46FDE55FA94987
                                                                                                                                                                                                                        SHA-256:6BFAB3B021EA78B64F3EC8063FCD381A1B4FCA6629F605DEDEC9DD5BCDC483CF
                                                                                                                                                                                                                        SHA-512:6F1A52719A9D6917075EB186056F4CB6478606A8CE8BA6A4A6194F4AB4E62E4119EB81EF290FD502277C889F80433856A2CF7F63083A3132929A2EC6B0F46C6B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..................................OSystem.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.....,System.AddIn.Hosting.PipelineDeploymentState....._hostAdapters._contracts._addinAdapters._addinBases._partialTokens._fileCounts........System.Collections.Generic.List`1[[System.AddIn.HostAdapter, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..System.Collections.Generic.List`1[[System.AddIn.ContractComponent, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..System.Collections.Generic.List`1[[System.AddIn.AddInAdapter, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..System.Collections.Generic.List`1[[System.AddIn.AddInBase, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..System.Collections.Generic.List`1[[System.AddIn.Hosting.PartialToken, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]~System.Colle

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Pipelines.Sockets.Unofficial.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):163328
                                                                                                                                                                                                                        Entropy (8bit):6.609639483612842
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:R4pnTDcGtp7zB5JDlHbRTiJtPw6PO0CFj+YMDqg9OkFcmrGFF5u2VU0kuIY:QTLtp7zDJDlHbRTiJtPnpwF05HuI
                                                                                                                                                                                                                        MD5:73D7882CD5229EA79ED395D2C428A0F1
                                                                                                                                                                                                                        SHA1:F1DD238747FF126488D9B3D0EC3479AA1A860792
                                                                                                                                                                                                                        SHA-256:E28FEC91CEC8AE9D07ECBBE976FCDABC193B0EA63136BE240071A94649E928CD
                                                                                                                                                                                                                        SHA-512:101AE47816DE37EC1FD291A447BCAF3459F925529E94FB8127E0B19D27091691F80064D78E839911BAE01510855546BD84110937B35DB2DE9B53D6BFDA1C5CCE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............" ..0..t............... ........... ....................................`.................................X...O.......$............................$..p............................................ ............... ..H............text....s... ...t.................. ..`.rsrc...$............v..............@..@.reloc...............|..............@..B........................H...........4V..................H$........................................(S...*^.(S..........%...}....*:.(S.....}....*:.(S.....}....*..(S...*:.(S.....}....*V!....L...sT........*2.r...p(....*"..(U...*&...(V...*&...(W...*2.r7..p(....*"..(X...*&...(Y...*&...(Z...*.~....*j.,.~.....o......*~.......*..{....*..(....*..{....*..{....*..{....*..{....*....0...........s[...}.....(\...../.ri..p(..........(]...}.....(....,...}......}.....(^...,..(_...o`.......oa...}.......}......+...(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\PluginUtilities.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):42056
                                                                                                                                                                                                                        Entropy (8bit):6.302694163897485
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:0YBj8FwMf5zlGKH7c5xfFDBKpB4+JXGISa/kfXg9JBGAru5qxYiRv0AMxkE5Y:YFwMf5zlGKYLzKH4+pG8MfXgvX6w7NSw
                                                                                                                                                                                                                        MD5:03EC9714F8C6DC2E5FC6BEB95EDA2324
                                                                                                                                                                                                                        SHA1:F6D834323D35E4D59C5C526247C0548F3610628E
                                                                                                                                                                                                                        SHA-256:D45F9255D8F6C63B12A82FF212A4A17BF0A9829E333226FDC88EDED52D1042E6
                                                                                                                                                                                                                        SHA-512:B170B1758FFB2863DE002F8425B45BF215CC42AD76960821717433F90BC658C74A42C506C71245F49B331759AB652156D5201C7D9E5DC74BB755EC358194BDE3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].@..........." ..0..r..........&.... ........... ..............................m.....`....................................O....................|..H(.............8............................................ ............... ..H............text...,p... ...r.................. ..`.rsrc................t..............@..@.reloc...............z..............@..B........................H.......4:..@T..................t.........................................(....*:.(......}....*:.s....%.o....*f.-..-..*.,..-..*...(...+*.0..T........-.*.~....%-.&~..........s ...%.....(...+o"....+..o#......o$....o%...-....,..o&....*....../..I........('....s(...}.....s)...}.....r...p}....*>.('......(....*....0............-.s(...+.(*...s+...}......}.....-.r...ps,...z.~....r5..p(-...o....o/....+1.o0...(......{.....o....o1...-..{.....o.....o2....o%...-....,..o&......o3...}....*..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Polly.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):248880
                                                                                                                                                                                                                        Entropy (8bit):6.262583588633683
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:8RnLiEfuwr1JXhtC6Nv/PNZVp/gIaL8yo5Olb:T9wr1M6di
                                                                                                                                                                                                                        MD5:C9C70DDD9354C2C318FE98D648B99EFE
                                                                                                                                                                                                                        SHA1:E156E2F00FC0F8429936E7182F901EF2543FD215
                                                                                                                                                                                                                        SHA-256:F5F30067F16D17F1540FEEFDB057D89DBD72394179900289C658E28C73B200FC
                                                                                                                                                                                                                        SHA-512:B3604F9FD071D27BD54992D3A50D89AAB2964AD9A5C79809AACB81D0ACA91F154E9622F18DF20051CF071CFC4880EE794473B49EC75529B3D73DE936507545FF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........." ..0.................. ........... ...............................>....`.....................................O.......................0,..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........*.....................t.........................................($...*^.($......s...%...}....*:.($.....}....*:.($.....}....*:.($.....}....*.~....*..(%...*.(&...*..0..R........o......o....%-.s'...z.o(......().....(*...X..~....6..~....2.~....+.~.......s+...*.(,...*.~-...*.(....*..0..*........o.......j0.s'...z..Yl#......cA.l[Zjs/...*:...o....(....*f.-.r...ps0...z.....s....*..0../.......s.........~1......(2........~3......(2........*:.($.....}....*..{....*:.($.....}....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Polly.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):293424
                                                                                                                                                                                                                        Entropy (8bit):6.209153585385935
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:VTm4zDePrQlrQlrQlrQJRilRi9rFrFrFrrrQ24QlrQlrQu4QlrQ7rFrFrFr9rFr1:xmKePrQlrQlrQlrQJRilRi9rFrFrFrrx
                                                                                                                                                                                                                        MD5:D8BD3D8AAEB4B93EF814321C2E368E9B
                                                                                                                                                                                                                        SHA1:09CE7680AE0E1F6F14A46DF3788C9BB6DC184D67
                                                                                                                                                                                                                        SHA-256:12697903237F9F44E1448C28511635624BD91C4CF49E33B6EA8117856166DD50
                                                                                                                                                                                                                        SHA-512:32B8A05DF216F5E6FC64ACCBBD0B59CAB173B4B88DE5E2011B462CF72596BE60765D09674B702F008A26C634F68244EDC171359AEB3D201CBE34C0D8390711D7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m&............" ..0..F..........re... ........... ....................................`..................................e..O....................N..0,..........`d..T............................................ ............... ..H............text...xE... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B................Qe......H.......X^.......................c........................................(9...*^.(9......i...%...}....*:.(9.....}....*:.(9.....}....*:.(9.....}....*r.{....,.r...p(H...z..}.....*r.{....,.r...p(H...z..}.....*"..(M...*"..(N...*....0..,.......s.......}............s:...s{....{.....(....*.0..-.......s.......}............s:....s.....{.....(....*....0..(.......s.......}............s:.....{.....(....*.0..'.......s.......}............s:...s{.....(....*B...s......(....*......(....*.0..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ProxyCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):68168
                                                                                                                                                                                                                        Entropy (8bit):6.036272390136217
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:JyF16Zh9ACMom1UOphbbQFVqdCZpe47NkHxC:jjMom1UOphvAqdCZI4h/
                                                                                                                                                                                                                        MD5:CAB7BA0EE540A3AFE982D4FDE47897DD
                                                                                                                                                                                                                        SHA1:3C91C088CEFDDB5E2C0E48969E572976357033F5
                                                                                                                                                                                                                        SHA-256:99FC1F2C80D93EF8E165313EEA9E70A636B675EA185EE85FE6EA673544D2D0BD
                                                                                                                                                                                                                        SHA-512:45E91573E4265F98F8475332AAD6F6323F115BF3AE0ACF3E94B37B455778FD933C4F73EC02075440433461E76D2B8576A187F3B62599B9DF653E3B442C7E72CF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...).*..........." ..0.............N.... ........... .......................@.......t....`.....................................O.......................H(... ......$...8............................................ ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H........E................................................................(....*^.(.......a...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*Br...ps.........*>...~.....(....*>...~.....(....*......(....*..( .........s!...}.......r...p("......s!...}....*f.{.....o#....{....o$...&*^.{....o%....{....o%...*^.{....o&....{....o&...*Fr)..p.("...('...*^rg..p.r...p.((...()...*6..o*...(....*.*..(+...*.0..i.........-..+..(,...%-.&.+.r...p(-...tb...o......-..+..(,..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ProxyFmaSupport.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.660720675069018
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:6Js/0Arx4iVEbsEhsJF5MPIYiArevDnSAM+o/8E9VF0Ny4xAs:6Js/0diiFh6F5MwYiRvOAMxkEvs
                                                                                                                                                                                                                        MD5:5725C43C0C484879E5C8669A66F46C56
                                                                                                                                                                                                                        SHA1:354884F7047F0D931440CEE880A6380D94B9936F
                                                                                                                                                                                                                        SHA-256:115532747E49400418B65A7E7C451BB4BDA52EF80B4C27750C660A61FDB7E689
                                                                                                                                                                                                                        SHA-512:1B02C7BCF7E9176412F8F857328A07E4F6C18490AF6D0AF4A278CE8C2AB711D7478FB74C3E92BD8AB9F53C127E61FFC30646B24742AD4D282DF409C2EF2C4CB9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c............" ..0..$..........2C... ...`....... ..............................i.....`..................................B..O....`..................H(...........A..8............................................ ............... ..H............text...8#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H.......H$..0...................xA........................................(....*:.(......}....*..0..J.........j..s....}.....(............s.....#........(....#......N@(....s....}....*6..s....o....*..{....*"..}....*.s....z.0..!.........(...+....o....o.....o ...(....*.r...p*..*..*.s....zj..(...+o....o.......o!...*.s....z.*^.{....o"....1..{....*.*....0..)........{.........(#...t......|......(...+...3.*....0..)........{.........(%...t......|......(...+...3.*.*.*n.{....,..{....o&..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\RebootSchedules.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):52296
                                                                                                                                                                                                                        Entropy (8bit):6.043324646202701
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:KEChI04HQskTAUbcVr7OOv1jyadar6ZVTB4/nEqTtjNl5C2YiRvtTWAMxkEU9vY3:jChI0PsEbUTv1jyada+Z58RRz7NtTkxD
                                                                                                                                                                                                                        MD5:554D3D1B24654CBC63CE9DD126598C68
                                                                                                                                                                                                                        SHA1:2BA151ABFF95DF31777505FEBB1C5BB5DA206473
                                                                                                                                                                                                                        SHA-256:94D2F12D69F167CE9BA5274D40A453BB557985A8B5BD9D240CB5B9252B54B811
                                                                                                                                                                                                                        SHA-512:7D57C25A2A3D8A8D2A75492DA4252934B6E075F755A260EB299EBE32A004573803C8A268906212984E9EBC62C3C73FB0AF4B434D93BBFB2CA2063ACFD104075C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m............" ..0.............b.... ........... ...............................n....`.....................................O.......................H(..........(...8............................................ ............... ..H............text...h.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................D.......H.......,J..|m............................................................(....*:.(......}....*2.{....o....*2.{....o....*&(.....<Z*&(.....<Z*2(....(....X*.(....*.r...p*.0..Q........s....}.....s....}.....(......}.....~.....o....(....}......{.....( ...(!...}....*....0..G........(....o".....}........"...s#...s$...%r'..po%...%.o&...}.....{....o'...*..0...........{.....((...,.*.(.....(....o).....-.*.o*....+l.o+......(.....\..{....rg..p.o,....(...+.o,....o....,..o/...+..o0....o....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\RegistryCounters.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36424
                                                                                                                                                                                                                        Entropy (8bit):6.245472234813582
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:naN4VAmjQM07pXCVwHBYiRvO3AMxkEU3o:nAi0XNh7NkxUo
                                                                                                                                                                                                                        MD5:8A70220B6A8CCE98AA6419E44FC34245
                                                                                                                                                                                                                        SHA1:7F3E36E87AB8DB7C83FE71391BF1A4068900F6E9
                                                                                                                                                                                                                        SHA-256:86B44B2BDF17F9264FB602788163B3635AA1F55A9441CD1FC24C64D7163FC0AA
                                                                                                                                                                                                                        SHA-512:98B75502BCB0254FA53E0C7E2C18F2B76FDB284525AE0489CBD795523F001B37623225669644A90DFB8EDAFB3A16D00C6D80A7EB9D7905BF56765AB368173E4A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Fj..........." ..0..\..........Bz... ........... .............................."^....`..................................y..O.......$............f..H(...........y..8............................................ ............... ..H............text...HZ... ...\.................. ..`.rsrc...$............^..............@..@.reloc...............d..............@..B................"z......H....... ?..l9...................x........................................(....*:.(......}....*..{....*"..}....*>#......8@(....*..{....*>#......$@(....*..{....*...}.....{....,..{....~.....(....o....&*..{....*.0...........s....}.....s....}.....(.....mr...pr...ps....r...p(......-.r...ps....z..}.......($...}.......}......(....,....(....(....+,( ...r*..po!.....("...,...(....+..(....(.....,$..d(.....(....}......{....o#...}......~$....{.....o%...}.....4&..... ....r...pr...ps....rn

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\RemoteHCLClient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1478728
                                                                                                                                                                                                                        Entropy (8bit):5.795446606132023
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:6ST2Xua5idkbcjetiundKglj94gOh5FtqwVDkrFtZBT:aXuCiaDdN4gOLFtqwVDkrFtZR
                                                                                                                                                                                                                        MD5:9C1DE33CDC0EE218C723FE44BD9A2EE3
                                                                                                                                                                                                                        SHA1:506344579A05FC616A0E9C8D3530F77B0FD1BD04
                                                                                                                                                                                                                        SHA-256:59717DB0FCEF81DBE9EEC0F09648221D844B6ABED6FB59DF8033693E67E20DF4
                                                                                                                                                                                                                        SHA-512:F4F9F2327BD0D0C0DEDAB5A80D7CCB492D9E00A8662E85D1503F5755F71A5ECC7A4ABC6C9E97CB16D6E52C400FC3DD9EA635ED9EE4861289CCB9F2108BF02851
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..^..........R}... ........... ....................................`..................................}..O....... ............h..H(.......... |..8............................................ ............... ..H............text...X]... ...^.................. ..`.rsrc... ............`..............@..@.reloc...............f..............@..B................4}......H............h...................{........................................{1...*:.(2.....}1...*..0..)........u..........,.(3....{1....{1...o4...*.*.*v .qP. )UU.Z(3....{1...o5...X*..0..:........r...p......%..{1......%q.........-.&.+.......o6....(7...*..(8...*:.(8.....}....*"..(9...*&...(:...**....(;...**....(<...**....(=...*F.(>........o....*F.(>........o....*:.(>.....o....*:.(>.....o....*^.(>..............o....*>.(>......o....*>.(>......o....*2.(>...o....*2.(>...o....*6.(>...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\RestSharp.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):190464
                                                                                                                                                                                                                        Entropy (8bit):6.164000610883027
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:32SM9KBmXowyrg7h2Bk3uIRUgpOYx+fsh6ow4iDvmRBktpWaLJ1qbC:WbXDyG2GeyUglf6ow4iDoZ
                                                                                                                                                                                                                        MD5:EBB404B296276A65D85A13CE889A64AB
                                                                                                                                                                                                                        SHA1:2FE54894589988A7C3B0C752F4DE9D84B3F21312
                                                                                                                                                                                                                        SHA-256:37BF2A8815E1833153FF92D0BEC3A1405F5C5F146884D0563A96BACD1B0074F9
                                                                                                                                                                                                                        SHA-512:C0BA618CC6AA3987930598BF9557F6E2AA6657F72FEBDC034B07AC25C2682DEBECCAC4940A27A8612C1B84C70E350E78D19E8928CAC613CADC48E4FEFADA9F71
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Citrix\Broker\Service\RestSharp.dll, Author: Joe Security
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.C..........." ..0.................. ........... .......................@............`.................................\...O.......L.................... ......t...T............................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B........................H.......<.................................................................{'...*..{(...*V.().....}'.....}(...*...0..A........u........4.,/(*....{'....{'...o+...,.(,....{(....{(...o-...*.*.*. z... )UU.Z(*....{'...o....X )UU.Z(,....{(...o/...X*...0..b........r...p......%..{'......%q.........-.&.+.......o0....%..{(......%q.........-.&.+.......o0....(1...*..(2...*^.(2..........%...}....*:.(2.....}....*:.(2.....}....*R.rI..p.(3.....}....*..{....*..{$...*"..}$...*..{%...*"..}%...*.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\SDKUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32840
                                                                                                                                                                                                                        Entropy (8bit):6.351802493760594
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:sxf94NNQFGEUcRUnCOiBhLopZjrPfupwLoYlIWfIYiArevgpAM+o/8E9VF0Nyq6Y:QflsE2SKPRoYlIWgYiRvmAMxkEhY
                                                                                                                                                                                                                        MD5:5C99E8181ADB5645360FB64AD5B5948F
                                                                                                                                                                                                                        SHA1:06984076ADAC909D484BE687C7A2B65D3C08DB3A
                                                                                                                                                                                                                        SHA-256:2FC6633CD0A632BBB6ED28CC90095278FEC0B3B2E011C4735A803C2858BAFEF7
                                                                                                                                                                                                                        SHA-512:E06DE756446456CBDF54E195FAE8DF0FBBA438206D383B3C5007C684CEE1FF622582C8C42D21BAAAFDF30B9B59DA09E57227F1942ED1EE468EB07C2C63ED2C69
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a............" ..0..N...........l... ........... ..............................0.....`.................................Bl..O.......<............X..H(..........hk..8............................................ ............... ..H............text....L... ...N.................. ..`.rsrc...<............P..............@..@.reloc...............V..............@..B................vl......H.......`1...9...................j........................................(....*:.(......}....*..0............}.....(......o....}......r...p(....}.....(....}......o....}......o....}.....o..........o......}......}......}.....(....}....*..{....*..{....*..{....*..0...........{....r1..p.(...+.-(.{....r}..p.(...+.{.... ....o!....{....*.o".....,......{....r...p..(...+(....*.-(.{....o$...o%...-..{....r...p(&...('...*.o(.....o)....(*...,..{....rU..p(+...(....*.......(....}.....{....o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\SchemaFeature.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):109640
                                                                                                                                                                                                                        Entropy (8bit):5.601896466636061
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:L29vl0bWIXzP+Y1XsZX1Cjkvjg0Klq5ht:L21qjjGVX1Fjilat
                                                                                                                                                                                                                        MD5:4354E8265EFA8E9081B2EDDCA7188C84
                                                                                                                                                                                                                        SHA1:8ADDFDE8D360C1B1F3E9DD65DDB23C1A8D16EC9D
                                                                                                                                                                                                                        SHA-256:78FE88647B20FA5821B64060DECB71585848C53E428223616C418968A12A99CA
                                                                                                                                                                                                                        SHA-512:6DC62B14044F49D63F779D85B300892D39FD3A75D307C9D1B729DBA3C5E86454987AF336D0B242D368C7F1A817F29CC3D3CC07D91CB244B911F6D94B82988D06
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..z............... ........... ....................................`.................................\...O.......................H(..........x...8............................................ ............... ..H............text....x... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......,u...!............................................................(....*:.(......}....*..0...........(......r...ps....(...+}......rK..ps....(...+}......r...ps....(...+}......r...ps....(...+}......r)..ps....(...+}......rs..ps....(...+}......r...ps....(...+}......r...ps....(...+}......rQ..ps....(...+}......r...ps....(...+}......r...ps....(...+}......r/..ps....(...+}......ry..ps....(...+}......r...ps....(...+}......r...ps....(...+}......rW..ps....(...+}......r...ps....(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\SchemaFeatures.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21064
                                                                                                                                                                                                                        Entropy (8bit):6.624885626559706
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Ufw2B1GqPq11GJiyyTzWLy9ObaIYiArevJBsAM+o/8E9VF0NyNph:Ufw2B1GeqTTJN9ObnYiRvMAMxkE5h
                                                                                                                                                                                                                        MD5:DEBF617F3DAEF724847AF5CC0AB65808
                                                                                                                                                                                                                        SHA1:D25BC80DFA60DD58D40FAD0D33FB352B802A17F3
                                                                                                                                                                                                                        SHA-256:D1B32FAFDE5D003CF866A1C7800F8116BD146BB80AA69E072EBC9862DCBB3E9B
                                                                                                                                                                                                                        SHA-512:007A63D9B3D2151E7687FEB7A5AEF0C81020CB83A4DA3E9F567D3D9E2C46A5592B3112E5945FE20B3D8E8C3B0804A4D09A4533BE79D356CB690629B67AC4ADD5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.. ..........&>... ...@....... ....................................`..................................=..O....@...............*..H(...`.......<..8............................................ ............... ..H............text...,.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H........$......................p<........................................(....*:.(......}....*.(....o....*.(....o....*V(....o....o....o....*....0..m.......s....(.......(.....82....o....o......o.....>.....r...p.o ...:.....r...p ....(!.....o"...,9.(#...-.($...rc..p.(%...s&...z.o'...r...po(...o)....8.....r...p ....(!.....o"...9.......o'...r...po(...o)...(*...~.....o'...r...po(...o)...o+......o'...r...po(...o)......o'...r...po(...o).....(............s....o,...+.($...r...p..(-...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\SdkAttributes.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):41032
                                                                                                                                                                                                                        Entropy (8bit):6.30767926189267
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:CaabK+68EedIa2qiey/59LGeYiRvcJAMxkEY:CRE8JX2L/nz7NcRxc
                                                                                                                                                                                                                        MD5:F8B877EDF311A9C7C22D07F5FF569E8E
                                                                                                                                                                                                                        SHA1:14AE3FF7651B57B122EF8157A328B6883EE24EA5
                                                                                                                                                                                                                        SHA-256:0ED66AE1EB2D719453DEB4A70FB5DD50A162C43A923F0D5779AF64048D1B4D54
                                                                                                                                                                                                                        SHA-512:4CADC48A9CB056E7094307C7F4FF8B51AAC2E4B8F27826C35D4550CBFF61BD2BA0CD2128D6807934170691393DACE7A99FE3E9B55A62872A4FF2031EFF935CB5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..n..........f.... ........... ....................................`.....................................O....................x..H(..............8............................................ ............... ..H............text...ll... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................H.......H.......<+..\_............................................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\SdkDalAttributes.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):27208
                                                                                                                                                                                                                        Entropy (8bit):6.526195130395748
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:BOFhJKqnRlngecLIhl4KqPJqBY1wn8IYiArevwMAM+o/8E9VF0Ny2m4u:8DY0zOol4KqYm1wntYiRvdAMxkEp4u
                                                                                                                                                                                                                        MD5:DDB56B451721E69BC939E450FDF6C0FE
                                                                                                                                                                                                                        SHA1:A386D61A54421764622E8894121F9FCC7458A0FB
                                                                                                                                                                                                                        SHA-256:14848AC2B584235EE526AED6F2AA8EE347DB0AB6F05BDA78530443156BFA6D7A
                                                                                                                                                                                                                        SHA-512:9A94FA4E6B4E8DD30312ECE32B501DC55A24BEC3AFC00FE768263DC2E5BD6796DE74311EFB60FC7CB92F109C67AC0168E69B47D4CD796E7E14E6BF672681B666
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3.E..........." ..0..8...........V... ...`....... ....................................`..................................V..O....`..$............B..H(...........U..8............................................ ............... ..H............text....6... ...8.................. ..`.rsrc...$....`.......:..............@..@.reloc...............@..............@..B.................V......H........$..T0.................. U........................................(....*:.(......}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*J.r...p}.....(....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*J.s....}.....(....*..{....*"..}....*..{....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\SdkInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34376
                                                                                                                                                                                                                        Entropy (8bit):6.432796712034357
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:RfHKeW5WIjb7wMB5joeoamhWYT9BG9DBM57i0/izWzlUZR0nw9LnBsYiRv7AMxke:RfHKeW5WIX7wMB5joeoamhWYT9BG9DBW
                                                                                                                                                                                                                        MD5:4E48375F09917BDFDBD5AD1C2F9E10B1
                                                                                                                                                                                                                        SHA1:A433448B1DC0B96DD9CFA79357316DB7E2180963
                                                                                                                                                                                                                        SHA-256:EAA76728B770CD8C282807878B8CEF9918665DD0A5948AF94184FA745EDB5C9D
                                                                                                                                                                                                                        SHA-512:8818A9F13789C3CE96C0546BDAF147281211DEF0035248668ACEBFFC168CC6DB16CF0FDEEC9DCCFDB04B533C6F0E0FA2CC52A512836F51B7729D043DE6BB321F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2..........." ..0..T...........s... ........... ....................................`.................................Ps..O....................^..H(..........Tr..8............................................ ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............\..............@..B.................s......H.......`&..tK...................q........................................(....*:.(......}....*..{....*"..}....*:.(......(....*..{....*"..}....*>..(......(....*..{....*"..}....*>..(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(M.....(O.....(Q......(S...*...0............s.....s......~3...%-.&~2.........s....%.3...(...+o ....+H.o!.......oP.......oR...,...oR.....oI.....o....-..)...oN...o"......o#....o$...-....,..o%......o&...Q..o'...Q.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Serilog.Sinks.File.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28160
                                                                                                                                                                                                                        Entropy (8bit):5.55826123162844
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:rdK36THowuUITpqSRiIrSI1KQrgwc6LdSpARCHdDQBLJRI+qMalKVeFje+WUMuUk:rdG9LUgZRiIVJrgwDmHdD2JRr6VUqX
                                                                                                                                                                                                                        MD5:4C2B0737D9A73DA09172D3C210B0265D
                                                                                                                                                                                                                        SHA1:A35A98EC72154CC1D112F46BD177A7F043DBCD46
                                                                                                                                                                                                                        SHA-256:6D8D84C9C14201674D9A309F51E952CF148AD33CDB66507D9677EBF1B1E4432B
                                                                                                                                                                                                                        SHA-512:C605BEF0A7CAA12B0D7C47564C3A214EA1DB40F901DFDC4C5B35BF73610A5D9030B67E495B409A79C76AD5EC6EF9962CD56C050C51883A3151D34931A8361AA8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-M............" ..0..d..........6.... ........... ....................................`....................................O.......................................T............................................ ............... ..H............text...<b... ...d.................. ..`.rsrc................f..............@..@.reloc...............l..............@..B........................H........:..dF..................p........................................0..#....................................(....*..0..!..................................(....*....0...................................(....*..0.................................(....*....0..Q........-.r...ps....z.-.r%..ps....z.-.r/..ps....z...s.............................(....*....0..T........-.r...ps....z.-.rM..ps....z.-.r%..ps....z.......s............................(....*B..........(....*:........(....*

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Serilog.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):111104
                                                                                                                                                                                                                        Entropy (8bit):5.945338284575969
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:n2snwLneibxB9UMpn66RFzO2ilt49M/3:rnwLneif9USzK3
                                                                                                                                                                                                                        MD5:74BB2CBD8BAE2AB725A199CB3148B4FD
                                                                                                                                                                                                                        SHA1:6538AA3C418DAF4C86FC60F0EE1393A3E483CD8D
                                                                                                                                                                                                                        SHA-256:966D83948959041D4C46239E4952B03C02917D2EFCB766BBAB961F5DAF6C874F
                                                                                                                                                                                                                        SHA-512:E08E5CA0A739D99B1DCD906B818FBF06E8383A6A5516F21DE29D57FB065CF41ECD1CBF283A98B8F2B4A7B31E26FB6F06A90237A879C23309F5F59DD3C6A9C709
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0.............Z.... ........... ....................... ......b.....`.....................................O...................................x...8............................................ ............... ..H............text...`.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................:.......H.......... *............................................................{(...*..{)...*V.(*.....}(.....})...*...0..;........u......,/(+....{(....{(...o,...,.(-....{)....{)...o....*.*. +#.. )UU.Z(+....{(...o/...X )UU.Z(-....{)...o0...X*.0...........r...p......%..{(....................-.q.............-.&.+.......o1....%..{)....................-.q.............-.&.+.......o1....(2...*..{3...*..{4...*V.(*.....}3.....}4...*...0..;........u......,/(+....{3....{3...o,...,.(-....{4..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Settings.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):105544
                                                                                                                                                                                                                        Entropy (8bit):5.492066869861681
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:sgzuvKSd4Lj1TxT+Fdp9o3YM4JxvzzCh8:GsLOJpq8
                                                                                                                                                                                                                        MD5:EB7C0762D75CAE86FE0C8CE7266440FC
                                                                                                                                                                                                                        SHA1:925C1C0AD4A3978F9FD04352E5BAC7A0E5868DE0
                                                                                                                                                                                                                        SHA-256:68D64C719E64499D88F05E9D2C841D4FCD0D90436B9202B5EE3BCAEE73EFA408
                                                                                                                                                                                                                        SHA-512:99783DF80E5BE42C8C0F2FDA181BB509EE356CECA6B24F1BB2459149528DA2E4A26437BDCC946E298CABB682BBA9DDDA6AF8F67FCED7BB5F4316CA4565FBD6D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L............" ..0..j............... ........... ..............................-.....`.................................Z...O.......P............t..H(..............8............................................ ............... ..H............text....h... ...j.................. ..`.rsrc...P............l..............@..@.reloc...............r..............@..B........................H.........................................................................(....*:.(......}....**....(....*...0..$.......~....r...p.Z..................o....*V~....r-..prG..po....*..*2..Q.o....&.*Vr...pr...ps.........**....(....*..(....*.~....o....*..0..'.......~....r]..p .'....................o....*..0..'.......~....r...p .'....................o....*..0..$.......~....r...p .....s.............o....*..*2..Q.o....&.*Vr...prY..ps.........*"..(....*..(....*.~....o....*..0..!.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Setup Scripts\BackupDesktopServerKeys.ps1

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17212
                                                                                                                                                                                                                        Entropy (8bit):6.054374748066123
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IL1fYKgtKdpt0wutrQ5CqP4HWNgDmhNp50Y564bYZ5DUQohfcyxdcsXGL4yJEsOJ:K3usbagQohfcgdcFUhEYKi+ORvt
                                                                                                                                                                                                                        MD5:E2FC45D416982FBAD82149F63BFE0121
                                                                                                                                                                                                                        SHA1:0A731C6A8472A4469EADD3F5F0A9CFC45A8B3305
                                                                                                                                                                                                                        SHA-256:6923C4018E184626ECD344DA1F52F5B2336EA963A221756F9250C1147F961089
                                                                                                                                                                                                                        SHA-512:C800E34C7A451AFFD4EB1CD1F2C5166AA73F10B559FB65CE5D65F092D0410D6C65368DCEC78F6E66CD15DB8CB3A68DEC3493FB270E31348C57890CCBC2B464F4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.#Implemented as part of BRK-5284: https://issues.citrite.net/browse/BRK-5284..#This Powershell script preserves the value of DesktopServer\XmlServicesEnableSsl and DesktopServer\XmlServicesEnableNonSsl in XaXdCloudProxyPersist\XmlServicesEnable ..#This powershell script is invoked from Custom Action: CA_BackUpDesktopServerKeys.....$desktopServerRegKeyName = "HKLM:\SOFTWARE\Citrix\DesktopServer"..$xaXdCloudProxyPersistRegKeyName = "HKLM:\SOFTWARE\Citrix\XaXdCloudProxyPersist\XmlServicesEnable"..$xmlServicesEnableSsl = "XmlServicesEnableSsl"..$xmlServicesEnableNonSsl = "XmlServicesEnableNonSsl"....#Check for DesktopServer Registry Path..if(Test-Path $desktopServerRegKeyName)..{.. try.. {.. $xmlServicesEnableSslValue = (Get-ItemProperty -Path $desktopServerRegKeyName -Name $xmlServicesEnableSsl -ErrorAction SilentlyContinue).XmlServicesEnableSsl.. $xmlServicesEnableNonSslValue = (Get-ItemProperty -Path $desktopServerReg

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Setup Scripts\ConfigureHighAvailabilityService.ps1

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18810
                                                                                                                                                                                                                        Entropy (8bit):6.099936568110988
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:mVjjZ1mZFqhC5c0weG64bYZ5DUQohfcyxdcsXGL4yJEsOQ7YKnicxsQaHmp:mlmZUbagQohfcgdcFUhEYKi8aGp
                                                                                                                                                                                                                        MD5:3775BBA0DF675A80D0621A5E7FDD852A
                                                                                                                                                                                                                        SHA1:3AE247D7E71779F79BD6C53A62554585D57CB663
                                                                                                                                                                                                                        SHA-256:6DE476BBD90D6147600D6C7534E5BE52831CCFCF391CA44F19D3D5FCB2E8C54C
                                                                                                                                                                                                                        SHA-512:E247AAED0A17628E91E04A4A38920C98A9A906FE40F201DE8781C9E2311909051A3AE35B99C53DF2338A5031DB8EF2473D475BB03C1880567EED98F8D1D154BC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.....[CmdletBinding()]..param(.. [ValidateRange(1, 65535)][int] $sdkPort = 89,.. [ValidateRange(1, 65535)][int] $vdaPort = 0,.. [ValidateRange(1, 65535)][int] $sfPort = 80,.. [ValidateRange(1, 65535)][int] $sfTlsPort = 443,.. [string] $logFile..)......# ============================================..# Useful constants..#..$swKey = 'HKLM:\SOFTWARE'..$ctxRegKeyName = "$swKey\Citrix"..$newBrkRegKeyName = "$ctxRegKeyName\Broker\Service"..$brkRegKeyName = "$ctxRegKeyName\DesktopServer"..$instLoc = 'InstallLocation'..$srvName = 'CitrixHighAvailabilityService'..$srvNameExe = "HighAvailabilityService.exe"......# ============================================..# Check install..#..if (-not (Test-Path $newBrkRegKeyName))..{.. throw "XenDesktop Broker not correctly installed."..}..$installDirectory = (Get-ItemProperty $newBrkRegKeyName).$instLoc..$scriptDirectory = (Split-Path $script:MyInvocation.M

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Setup Scripts\RestoreDesktopServerKeys.ps1

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17298
                                                                                                                                                                                                                        Entropy (8bit):6.052307584319394
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:QLc5YKgtzk0wvrelciP4dlNgSEijthBp4t0er64bYZ5DUQohfcyxdcsXGL4yJEsE:vECk5bagQohfcgdcFUhEYKikW1l
                                                                                                                                                                                                                        MD5:37784467E0D233DC23FCCE27B8168101
                                                                                                                                                                                                                        SHA1:6463FAE19D3EAEEB3FB2E44F7902523C85DA6680
                                                                                                                                                                                                                        SHA-256:54090ABFFB584A99A4F04AAEDE9EE96BAB82321909C2DEC4FE0EE10772CFC241
                                                                                                                                                                                                                        SHA-512:00ED2F3DC9A0FB1C231CE460D3C022778030C1BA1604BA3178E4FEB1A9DBF10FE7B6D1487106C8506B8FE545649C8DEB18C491B1D42C6AF72DE6D1E0828BDCBC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.#Implemented as part of BRK-5284: https://issues.citrite.net/browse/BRK-5284..#This Powershell script restores the value of DesktopServer\XmlServicesEnableSsl and DesktopServer\XmlServicesEnableNonSsl from XaXdCloudProxyPersist\XmlServicesEnable ..#This powershell script is invoked from Custom Action: CA_RestoreDesktopServerKeys.....$desktopServerRegKeyName = "HKLM:\SOFTWARE\Citrix\DesktopServer"..$xaXdCloudProxyPersistRegKeyName = "HKLM:\SOFTWARE\Citrix\XaXdCloudProxyPersist\XmlServicesEnable"..$xmlServicesEnableSsl = "XmlServicesEnableSsl"..$xmlServicesEnableNonSsl = "XmlServicesEnableNonSsl"....#Check for XaXdCloudProxyPersist\XmlServiceEnable Registry Path..if(Test-Path $xaXdCloudProxyPersistRegKeyName)..{.. try.. {.. $xmlServicesEnableSslValue = (Get-ItemProperty -Path $xaXdCloudProxyPersistRegKeyName -Name $xmlServicesEnableSsl -ErrorAction SilentlyContinue).XmlServicesEnableSsl.. $xmlServicesEnableNonSslValue

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Setup Scripts\Set-ADControllerDiscovery.ps1

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:C source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36147
                                                                                                                                                                                                                        Entropy (8bit):5.750536254521463
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:+roR0COfr9pXGCbagQohfcgdcFUhEYKiatS:+br9pXjbDf+mvatS
                                                                                                                                                                                                                        MD5:E862A432C70CBE776ED0857A88DA4092
                                                                                                                                                                                                                        SHA1:22C797FA7F7832C671E554FF6591DC5772A360D3
                                                                                                                                                                                                                        SHA-256:0C55CD1CD4635AADBD620B6458C925F8A110E86BFE2C155FCF0CEE80A142ACD8
                                                                                                                                                                                                                        SHA-512:EBB1F222344D70DD9655BBC4E7F968B282671EBA615058397FBE007667D49A5DD83D26CD5A72A2C0AD32DE4D7C96A19987A18D31F721E4F3FF80DC282A7F0F11
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<#...SYNOPSIS.. Configures how a XenDesktop site should expect Virtual Desktop Agent machines.. to discover information about Desktop Delivery Controllers within the site......DESCRIPTION.. The Set-ADControllerDiscovery script configures a XenDesktop site to expect.. the Virtual Desktop Agent on virtual desktop machines to discover Desktop.. Delivery Controllers in one of two ways:.... o Registry-based (default) - registry values on the virtual desktop.. machines identify individual Desktop Delivery Controllers... o AD-based - a single registry value on the virtual desktop machines.. identifies an OU in active directory which contains information about the.. available Desktop Delivery Controllers... .. This script must be run on one of the Desktop Delivery Controllers in the.. site by a user whose identity is both a full administrator of the XenDesktop.. broker and also has the appropriate permissions to make changes in relevant.. OU in active

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\StackExchange.Redis.StrongName.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):432128
                                                                                                                                                                                                                        Entropy (8bit):6.527264664347621
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:QY//tPIeTIs6MO8f/Oe+3Nys5JDaWPh6GIC9ONtNtG15AHqcfnS2:TtweQ3801P15iS
                                                                                                                                                                                                                        MD5:1180696599D207A7BFE72A4969474134
                                                                                                                                                                                                                        SHA1:952721C9685DF2B4A58FD1ACC29F928D770A77A5
                                                                                                                                                                                                                        SHA-256:81E9C53A17AB9B5F18B29313345570E2C8C0C19E72E9D13286867AC9DF9B7D32
                                                                                                                                                                                                                        SHA-512:D24D8E87C42FC48D0CD67E7E4425E01B513C5ED1BDE6A0756FD9CA499709D727977EC12E617AD0EB9D73AE9DCEFAF2F716EFA585F6A86D717776AB18D84B24DA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S............" ..0.............F.... ........... ...................................`....................................O.......................................T............................................ ............... ..H............text...\.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................&.......H.......X`..0V............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0...........(........(....-..*.*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0...........(........(....-..*.*..{....*"..}....*..{ ...*"..} ...*..{!...*"..}!...*..{"...*"..}"...*....0..-........(....(......(....(>...-..r...p.(....(?...*.*..(....-..(....,..*.(.....j_,..*.*..0...........-..*s@.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\StackExchange.Redis.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):816640
                                                                                                                                                                                                                        Entropy (8bit):6.355387419923501
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:2FTioWq2rjfH/fJRhOT8VbmJMIRw87CSWqrqXzAeS+z:zrjHXJRhg8Vb2MIRn71WJz7z
                                                                                                                                                                                                                        MD5:6F1EF7C90C655179F4E52F1FE4F816BD
                                                                                                                                                                                                                        SHA1:8C5D3CE511482E54E10DE0932F504D08EF31D0DD
                                                                                                                                                                                                                        SHA-256:F783C31D64242B16874D8ECDEF99290CB8F4399E15554D49745681DC9BAD8215
                                                                                                                                                                                                                        SHA-512:E68FACDE55316654F3A5ED6810E839B0C9D5CE7E539C4825BFAD7B23B4DA0257AF77D1DB33F57F44DDD55E2E944E59B15F66499162234FB778E52F206EE8F4E5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..l.............. ........... ..............................Yd....`.....................................O...................................X...p............................................ ............... ..H............text....k... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B........................H.........................................................................{Y...*..{Z...*V.([.....}Y.....}Z...*...0..A........un.......4.,/(\....{Y....{Y...o]...,.(^....{Z....{Z...o_...*.*.*. .... )UU.Z(\....{Y...o`...X )UU.Z(^....{Z...oa...X*...0..b........r...p......%..{Y......%qq....q...-.&.+...q...ob....%..{Z......%qr....r...-.&.+...r...ob....(c...*..(d...*^.(d..........%...}....*:.(d.....}....*:.(d.....}....*..(d...*:.(d.....}....*V!.....~...se........*..(d...*..(d...*..(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\StandardSocketsHttpHandler.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):233472
                                                                                                                                                                                                                        Entropy (8bit):5.877859797546977
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:geRFqpNtJXhWrUjf0TdtFsp13fWaVbQugoBFhsWS/JEzu0Czlmi4IglPqwX:zuRsbTp83fWadQZoBjVP/flSw
                                                                                                                                                                                                                        MD5:BF45E91ABF5E766CFEFCFC90E2ED1D7F
                                                                                                                                                                                                                        SHA1:2D8829AA8F1D5DC4758309BF1DBAFC69D5A44729
                                                                                                                                                                                                                        SHA-256:237899763C0869C2AC057BAD4FA43BA0159D2931AC43486093DBE93EC17A8CA9
                                                                                                                                                                                                                        SHA-512:E995BD3F5C15294DA92B1C68E9D9C721EEA1E21AA6DC3BFD9B2312A152EBDEF9595055C60CF776D6069A9F91DEA8C1D52F3BE60C4423787AA71D31E46E4A67CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....m..........."!..0................. ........@.. ....................................`.....................................K...................................t................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................L.. w..4.........................................(....*B...o.....Y(....*....0..c........-.~....*..X.Y.+...X....0...o....(....-.+...Y...2...o....(....-...Y.X..,...o.........o....*.*~....*..0.................(.....o......(....*...0..,.............-..+.........o.....(.....X.(....(....*.0..K.............-..+.........o...........-..+.........o.....(.....X.(.....(....(....*..0..k.............-..+.........o...........-..+.........o...........-..+.........o..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Buffers.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                        Entropy (8bit):6.425485073687783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
                                                                                                                                                                                                                        MD5:ECDFE8EDE869D2CCC6BF99981EA96400
                                                                                                                                                                                                                        SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
                                                                                                                                                                                                                        SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
                                                                                                                                                                                                                        SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.CodeDom.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32384
                                                                                                                                                                                                                        Entropy (8bit):6.250631046498082
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:/ccaU602gaB3EqYChzZpXc2uo0hGJm9zWAw:EcaGsYCh1pX0o0PzWAw
                                                                                                                                                                                                                        MD5:BCD6DAAE1022CBE0C86DA778CB874B6C
                                                                                                                                                                                                                        SHA1:0C696CA7F7A0AE7F6C749C6376D61F79A56BF82C
                                                                                                                                                                                                                        SHA-256:D4047CDC0C372B06AFC9CBED39B717FAC18DCED723E5851806A19F1BF42DE1A3
                                                                                                                                                                                                                        SHA-512:EAB2278FFAC26B21DF01FAD86EB7747BAE59706F854E4BC86EFE536904210258BFDD79AAE1090D25DE40FA8852C23844CF8DDEA6C487CD6221E30BF8174083B2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..J...........i... ........... ..............................QX....`.................................yi..O....................V...(...........h..T............................................ ............... ..H............text....I... ...J.................. ..`.rsrc................L..............@..@.reloc...............T..............@..B.................i......H.......t%...4..........dZ......$h........................................(....*:.(......}....*.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....( ...*.(....,"r.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Collections.Immutable.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):198784
                                                                                                                                                                                                                        Entropy (8bit):6.171317465832283
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:EWXnUaec5PO4MJJEUjYeasDs4fGBvSj2bgtZV1HJ7IMt7RMjODTAkzcKb:EWEaVPO4gJNSsDsowvSj2bgtn1CXDkA2
                                                                                                                                                                                                                        MD5:7B2A749A73990140BB21395E2C786F0C
                                                                                                                                                                                                                        SHA1:2F1EBB67E21B33C74C4C6CF217AC1F797959F18B
                                                                                                                                                                                                                        SHA-256:D168AF8E4A1263B5844180B1B371C5879B21B5B666FEEF7CA749B10192688006
                                                                                                                                                                                                                        SHA-512:AEFAA2EA20766775581DA160291C234F5AEF3A81A356ECE2AF4051F6C453C213CDE2EBCAE1986F9CA113D27ACED45E50237FDE3E1AF8B2A1537E2098CB65ABD4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............Z.... ........... .......................@............`.....................................O........................(... ..........T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................9.......H........!..............T...@.............................................(....*..(....*^.(.......Z...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ComponentModel.Annotations.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):43152
                                                                                                                                                                                                                        Entropy (8bit):6.137234963318556
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:GnXppnvYs47bNql0kevR9SDQxSWIfYYL8oRT3KI3lUlBmeEZeTfyDxdQocwc1fVZ:gXDQsPurQcR3y6JOnSHDYFD9VioLQJ
                                                                                                                                                                                                                        MD5:7D3D14B0417A68CCDD9C51972FF74863
                                                                                                                                                                                                                        SHA1:CEACBD53B6A02E1F7337A6B0058924E1E11949BB
                                                                                                                                                                                                                        SHA-256:04113C8549185519F3202790CEB23DF609644872B9C249A56D2BCF59566102C4
                                                                                                                                                                                                                        SHA-512:B2D133214F21D700E1AF0C248DCC11EF66EA6DA62043FF6D5E900FE2A1665D75583E4CD218526A146F2C62E22ADF4CA2FA3B8879AE0F5A2E515E2C3A5184CE9C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0..Z..........Bx... ........... .............................../....@..................................w..O....................j...>..........8w............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............h..............@..B................"x......H........$...............R.. $...v......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r=..p.(....*2r}..p.(....*2r...p.(....*2r...p.(....*2r%..p.(....*2r]..p.(....*2r...p.(....*2r/..p.(....*2r...p.(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Configuration.ConfigurationManager.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):91264
                                                                                                                                                                                                                        Entropy (8bit):5.352794878474568
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:KUygsS6BeXYgnQNrh9BhejkpvStZnQ+2/NVQ8GLa0Uh55T3lEC/IOPbZtxqN4bES:Eh8a9BheBQ+2/NVQ8GLa0Uh55T3lEC/J
                                                                                                                                                                                                                        MD5:0DC8E149BBAFAF4A6DE3F84A3E089B6F
                                                                                                                                                                                                                        SHA1:0F5CC37FB1B85D87FF3C37A25BABBECA556FC013
                                                                                                                                                                                                                        SHA-256:0C636BEC5A50D15643210995E27D701D9DB5BFD5A3B1E44EE946AF33CC98D165
                                                                                                                                                                                                                        SHA-512:3635F2E1F00712D872F2B79B159F41C73EAE09B8A365D331325B89F3666900BCAD56DAC6B8A63BBE6216748FFF8FA474A9AD131DB4BF14F3441337EEB9DF6F9E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....#1..........." ..0..0...........N... ...`....... ....................................`..................................M..O....`...............<...(...........L..T............................................ ............... ..H............text........ ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............:..............@..B.................M......H.......L-..................0...8L........................................(....*:.(......}....*.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Data.SqlClient.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):223776
                                                                                                                                                                                                                        Entropy (8bit):5.6563300963428915
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:bXFpBZBJLurBxad7/7AkGF60FhFoFmF8cjcsc4FEFbFgcbFmFiF6FhFuFBFuFDFM:7FoH60FhFoFmF8cjcsc4FEFbFgcbFmFM
                                                                                                                                                                                                                        MD5:D8FC6FEBB581F28CCCABB8F839023F73
                                                                                                                                                                                                                        SHA1:1C257F6CE7E595AC1D1989B299A04AF6454DF935
                                                                                                                                                                                                                        SHA-256:51B1D254C2E7B798359C2BE9A0FAEBC51704EFEE31A170F4741203EDA9681081
                                                                                                                                                                                                                        SHA-512:D52A3121D720E579C1CB26B82F3D3557D4C1369301CA1A0799DAAA4D0E949805F12570E93A27E5F6F51666633A62F41235504631C5237B588218F706C5192F20
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....x..........." ..0..8...........W... ...`....... ..............................8d....`..................................V..O....`...............B.. (...........V..8............................................ ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H.......h7..............@...XW...U........................................*..0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%....(....*......(....

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):173232
                                                                                                                                                                                                                        Entropy (8bit):6.261323355738202
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:bNcLPcNABKuTwIxpRoZgM4U2Ny1jb54rbHXrwZ2F3c:p1NAB9qZgM4U4qnQwl
                                                                                                                                                                                                                        MD5:ECA216927ED487613B7A042FC643BD8F
                                                                                                                                                                                                                        SHA1:030BBD6D404138A5DE6AD850269985372C89D9EB
                                                                                                                                                                                                                        SHA-256:5B8CCDDA36486950DE37484C25E1334376431E52176C32F87DD730690B273E3B
                                                                                                                                                                                                                        SHA-512:C234B5A11E14B5DA6CC940BC0D989C0F64C73E66CFE62970ECDB5DB37F1E86A163861987A947A3C6FE93291557356F1F1C1FBBFA2187DD61F4A9235C1E374E78
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'..........." ..0..p.............. ........... ....................................`.................................s...O....................|...(..........t...T............................................ ............... ..H............text....o... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B........................H...........(...........4................................................{....*:.(/.....}....*..0..)........u%.........,.(0....{.....{....o1...*.*.*v ..yN )UU.Z(0....{....o2...X*..0..:........r...p......%..{.......%q'....'...-.&.+...'...o3....(4...*..{5...*:.(/.....}5...*....0..)........u(.........,.(0....{5....{5...o1...*.*.*v ..:. )UU.Z(0....{5...o2...X*..0..:........r-..p......%..{5......%q'....'...-.&.+...'...o3....(4...*..{6...*..{7...*V.(/.....}6.....}7...*.0..A.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Diagnostics.EventLog.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35456
                                                                                                                                                                                                                        Entropy (8bit):6.252306254622891
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:IUnjYQng2w3yhGfmAXOaYbEVnuo0xfOQ69zh:IUnPCGLbEko0Mzh
                                                                                                                                                                                                                        MD5:376F3147F713A0C46A6C83498A8DBF26
                                                                                                                                                                                                                        SHA1:44050D05EA2C3362965884E836D3748EC62A8BE0
                                                                                                                                                                                                                        SHA-256:7E451AD27D83C4A82786842BF3D068EE581F43468A811986916B2FCD460804D8
                                                                                                                                                                                                                        SHA-512:C2DC91CE490E9C5254C9209B6E677685DA2BFE8AB19364C50888511EDE3913DA1881F6E0E28C78E49FC084B1853AE1933D0597153671226C281C707E6D84D32A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C............" ..0..X..........Fw... ........... ..............................9.....`..................................v..O....................b...(...........v..T............................................ ............... ..H............text...LW... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B................'w......H........&..|7..........T^..0....u........................................(....*:.(......}....*.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...( ...*.(....,.r...p......%...%...%...(....*....(!...*.(....,"r.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Diagnostics.PerformanceCounter.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):44672
                                                                                                                                                                                                                        Entropy (8bit):5.933764820619879
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:U5QXOoy47Gm2RG32rLMnnnkarAB8uo0NCOQ69zGT:U5vz2HGrkADo0Fz+
                                                                                                                                                                                                                        MD5:FEF8FA2ED7568A6C16CDA1F2270C3734
                                                                                                                                                                                                                        SHA1:E2F1FB213EFC86EE80F8BB15C67D7600AFB6116F
                                                                                                                                                                                                                        SHA-256:28491784CF9E26F697EE7DB054EA1DDA2265BB0D3B405A9DA2C31ACB53F412AE
                                                                                                                                                                                                                        SHA-512:BD502DBAFB70C117B463914691B04C92B64DE687365F649469F7BE17C4DAEDAADC43B0E95B0B032141D88DCC612BF5D7BF3B6F57B634B6C17F37670402273CF1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....O..........." ..0..z.............. ........... ....................................`.....................................O........................(..............T............................................ ............... ..H............text....x... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H........'...@...........h..8.............................................(....*:.(......}....*.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....( ...*.(....,"r.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Drawing.Common.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):52864
                                                                                                                                                                                                                        Entropy (8bit):5.877286047061025
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:JQAetpO2X36DSE5O/FKzL1iLXeCcSwRUnUo0VxzE:ALO2X36WE5O/FKzBiiC2UnU3w
                                                                                                                                                                                                                        MD5:0E14E431322E84A624F1FA4764B2EE3A
                                                                                                                                                                                                                        SHA1:5A3CACFBC30FFCAAC3842B7E12AA45320697F606
                                                                                                                                                                                                                        SHA-256:D1B937AA7D644F41B93881CEA6AF489C29705DBFAB1045A2A81B9DE81E1CA2DE
                                                                                                                                                                                                                        SHA-512:A4B49C006EF45FF2321BDE664EA16958B3158807E6C6EAF4A12582230140DD294C3041B85EDDBC59C1CA50D1A2CF247A57DCE266AC0F0A7807130DF3F3F0EB29
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'............" ..0................. ........... ..............................m.....`.....................................O.......L................(..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...L...........................@..@.reloc..............................@..B.......................H........)..8\...............1..,.........................................(....*:.(......}....*.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....( ...*.(....,"r.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.IO.FileSystem.AccessControl.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28552
                                                                                                                                                                                                                        Entropy (8bit):6.173353710620323
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:nmjoB5y+MLi9VYp/OiRc715ZkSAcE1l2Yd5zqNz8TWgVbWqdHRN7NfVlGsa9x:yCN9VYp/OiRcnZIfk8PpET
                                                                                                                                                                                                                        MD5:3409C581F0C5083F0C2A93A7A5AC9790
                                                                                                                                                                                                                        SHA1:18EA7BD41D31247148ABF184527C9368A26F39E7
                                                                                                                                                                                                                        SHA-256:E6026501AD4056FF2F1655B0AFDFE8923BC6E8FBAD67E1E9EF56E3002F49FBB9
                                                                                                                                                                                                                        SHA-512:AE877C6FDDAD0E4133274E6372D783EAA4DD6BDCBBF40AB66302FB89BD2F76B215130001186B5C9A135ABD16336C5BFD4D414177704D7D359539DA91918E82ED
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._............" ..0..B...........`... ........... ...............................P....`.................................t`..O....................L...#..........l_..T............................................ ............... ..H............text....@... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B.................`......H........&..t)...........P.......^........................................(....*^.(.......(...%...}....*:.(......}....*:.(......}....*:.(......}....*.~....*.0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.IO.Pipelines.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):85120
                                                                                                                                                                                                                        Entropy (8bit):6.253824367009572
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:dB7MOoDssM2SnyXhMiaZeVGeNr5PD71qWYb4bgN0xeRWevOjInFUFDk9P3ESo060:vBoHHTpGe3D71qWYb4bgN0xeRWevOjIV
                                                                                                                                                                                                                        MD5:B18213904B58C0BD01A31D863DC06D9D
                                                                                                                                                                                                                        SHA1:AA1CB86D7A3CAE382CE753C80A82683DEB373F5E
                                                                                                                                                                                                                        SHA-256:D3B818A4F7A84FB0EBD8607DC22F9333367C5D0E02D9E7800783499169DEAE61
                                                                                                                                                                                                                        SHA-512:2EB7ACF6ED61EF1DA4E4F35F931CA689A913A04C01C83091513E6DF25AA6AB68D36FAAD16C5BB6A4CDC20A7960C9C36D549C20AA82D89572CFD5FEBDA7BCA49D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l..........." ..0..............9... ...@....... ....................................`..................................9..O....@...............$...(...`.......8..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H.......................`-......(8........................................(....*..(....*^.(.......]...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...( ...*..(!...*.(....,.r...p......%...%...%...( ...*...("...*.(....,!r...p......%...%...%...%...( ...*....(#...*..,&(....,..r...pr...p.( ...($...*..(%...*.*.(....,.r...p......%...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.IdentityModel.Tokens.Jwt.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81952
                                                                                                                                                                                                                        Entropy (8bit):5.908402344943783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:YbG8HlEX5dlpRb0ukzpnqk5p/rqXTqA88kTtKJMbkmILAcOzj:Ybq5/pZ0ukn/rqXTqA88kTtmMdIUcO
                                                                                                                                                                                                                        MD5:289562FC7249580DE4CF313062F4B3DC
                                                                                                                                                                                                                        SHA1:D2E637DFFF7EE99CC53F086C6C41573D979B7B70
                                                                                                                                                                                                                        SHA-256:E77F3B391444E550738EDB40859AD2354FF2D459E168EF22C2E2753D70CF1210
                                                                                                                                                                                                                        SHA-512:D88E114D91E91E91F70B6F0E0C3052C02DE1C0FC1D1892167013D4AC7A338B04E1DD787CA3E3E81A8C1A6191ACD7C243BCA7C494F18E7DF824F430CD9F6F77E0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...PJ............" ..0.............^-... ...@....... ....................................`..................................-..O....@..x............... (...`.......,..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B................=-......H........j.......................+........................................(....*:.(......}....*^.r...p}.....( ...(!...*..0..)........r...p}.....("....-.rU..p(#...z..($....o%...(&............('.......((...:....r_..p......%.r...p()....%...(*....b...()....%..{....()....%...(+....c...()....%...(,....d...()....%...(-....c...()....(....s/...(0...z..(*....3B...{.....(1......(*....3.....{....(2....+.....{.....(3.......(4.....(5...-.*&...(....*&...(....**....(....*......(....*.0......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5194240
                                                                                                                                                                                                                        Entropy (8bit):5.837580626188841
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:mo8lHg093VM3FYlaoHovI2WkL+MoeIDV2DKFKqSWFaH/WMHrs0jxg/pOvj1g:mrdg093SyIw2Wk6g
                                                                                                                                                                                                                        MD5:40DDD154C4498B1426C4F257CDE35F17
                                                                                                                                                                                                                        SHA1:8FB8FB4ED413AB10CF36FCE5B9F3761D76D061EB
                                                                                                                                                                                                                        SHA-256:AAB0CB4D4BB6FD3C9BF689555A2B46D9F7916FC430E9897CBB0DBB2AF3C117E7
                                                                                                                                                                                                                        SHA-512:6E1E9FD03315421908ED5E2A9E1AF611E649BD3E4C968F1C4178DFD829A90D92910E66416417E5579EE30C71C669A02064343492AAD14ACDA08D1018E8A3C6EE
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dll, Author: Joe Security
                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Citrix\Broker\Service\System.Management.Automation.dll, Author: Joe Security
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[;3P.........."!......K.........n.K.. ....K...S . ........................O......CO...`...................................K.W.....K.......................O.......K.............................................. ............... ..H............text...t.K.. ....K................. ..`.rsrc.........K.......K.............@..@.reloc........O......@O.............@..B................P.K.....H.......h.!.t7*................P ......................................z...<z{... .vR..]..w..Xe.Y.u.....F.+E.3.K/zo|.(<....1k.%.....Q..)......h..|p.y.u..G...7uL....,U.9.= &.....N<l...DI\.,.k....(A...*..(A....-.r...p(AH..z..}......oL...o....}....*r.(A....-.r...p(AH..z..}....*..0...........{......s............o.B..*F.{.........o.B..*>.{.......o.B..*>.{.......o.B..*....0...........{......s.............o.B..*N.{...........o.B..*F.{.........o.B..*:.{......o.B..*>.{.......o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Memory.Data.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33408
                                                                                                                                                                                                                        Entropy (8bit):6.406440482121932
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:d3eCX4pA2nCAJ3KmlgcWrj0xdf47uo0Jo/G2tC9zEY:NeFJtKmycW0xtJo0yOzEY
                                                                                                                                                                                                                        MD5:FDF9A5268811AFD013B33DDCCD5F91B0
                                                                                                                                                                                                                        SHA1:70C1111E3CCBF9EF7C2DE6DE69426AEF45D8B11D
                                                                                                                                                                                                                        SHA-256:08D6CEE70C1BEABF1408D1AB6535DD116025C087FA18C61A88744B9C9768E10F
                                                                                                                                                                                                                        SHA-512:9304E9846F2EDA71B3CE0684C858D5CD4F5915ABB40ABA3531EB7A5E77279D801D5DF0E2C626906844B6F9977150B91995CCD8C1710DC6FF203E3A4D21496652
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H............." ..0..P..........vn... ........... .............................."G....`.................................!n..O....................Z...(..........Dm..T............................................ ............... ..H............text...|N... ...P.................. ..`.rsrc................R..............@..@.reloc...............X..............@..B................Un......H........-..(9..........$g.......l........................................(....*^.(.......@...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..(......%-.&r...ps....z(....}....*..(.....-..-..+..( ...%-.&.....(!.........("...(....}....*..(.....-..-..+..( ...%-.&.....(!.........(#...(....}....*:.(......}....*..(.....-.r...ps....z.($....o%...(....}....*..s....*..s....*..s....*....0..,........-.r...ps....z......!....(....o&......('...*^.-.r...ps....z.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Memory.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):142240
                                                                                                                                                                                                                        Entropy (8bit):6.142019016866883
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU
                                                                                                                                                                                                                        MD5:F09441A1EE47FB3E6571A3A448E05BAF
                                                                                                                                                                                                                        SHA1:3C5C5DF5F8F8DB3F0A35C5ED8D357313A54E3CDE
                                                                                                                                                                                                                        SHA-256:BF3FB84664F4097F1A8A9BC71A51DCF8CF1A905D4080A4D290DA1730866E856F
                                                                                                                                                                                                                        SHA-512:0199AE0633BCCFEAEFBB5AED20832A4379C7AD73461D41A9DA3D6DC044093CC319670E67C4EFBF830308CBD9A48FB40D4A6C7E472DCC42EB745C6BA813E8E7C6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`.......>....@.................................`...O.... ..@................'...@......(................................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Net.Http.Formatting.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):179680
                                                                                                                                                                                                                        Entropy (8bit):6.155521882026328
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:MXWun8fS8fCk/Difbw37DVGbG8pwp2UuRLYs1+6fS:MXWu8fS4L/DS8rZGbGb5
                                                                                                                                                                                                                        MD5:4A7816CB1067972450045E4AFA50A0B8
                                                                                                                                                                                                                        SHA1:B92C69941C66D5526FF151E523EB92A8A90FC06A
                                                                                                                                                                                                                        SHA-256:00664130B963ACE5F1243AE4786926EA81BC181086FC7149D6123567C304D35B
                                                                                                                                                                                                                        SHA-512:5D26F6D696A4FDF2EAF204683ED18E8BAA75C88FB78EABBD478BBE4F91F46243A2BBF0EB0A6137DCED21C112662C8E431A8B4FE88DCF669D5CEDA0A860798C8A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].b.........." ..0.................. ........... ...............................6....`.................................h...O........................'..........0................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......`...H............v...3..........................................R....s*... ....(....*F....s*.....(....*>.... ....(....*..0..d........(+....-.r...p(c...z.o,...-(r...p(...... ...%......(-...o.....(^...z.-.r...p(c...z.-.r...p(c...z.../.r1..p.............(g...z.o/...rG..p.o0...-'r...p(...... ...%..o/....%.rG..p.(^...z..o1...o2....>....rS..ps3......}.....o1...o4....+E.o5......s........s6.......o7....o8.....o7....o....o9......o:.....&...o$...-....,..o#.....(...+:.....o<...s

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Net.Http.Json.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):65152
                                                                                                                                                                                                                        Entropy (8bit):6.243838823963982
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:pJZfV2EZPqmGabOKja9YCY6w9nCEDeySilnALYzc:j11ZKafjaPY6w9nCEHlAEo
                                                                                                                                                                                                                        MD5:B6CC43FBD813258C1D08CCBBEB072FBC
                                                                                                                                                                                                                        SHA1:6581908FB5FB34F4F9220A1527642749819A75AF
                                                                                                                                                                                                                        SHA-256:B1148146FF0B6ABF9150B6DDD0A960814FB0344C01DFAC2F37403622026402FE
                                                                                                                                                                                                                        SHA-512:D8453148172D267DA0789C841363785F50D1FC9338482DFE114A36130DB533CC7E8C8EED14B2B67C7744CE5AB343664A93A8E4A841B50D1760B99B2670858B06
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../............" ..0.................. ........... .......................@.......w....`.....................................O........................(... ..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........\..............d.......<.........................................(....*^.(.......D...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*~..(......(.....X..(.....Ys....*^..(......(.....X.s....*...(......(......(......(......(....(....*.~....*....0..........(....,..*..(.....o ......&...*...................0...........(.......(!...-..,..*.*.(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Net.Http.WinHttpHandler.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):136336
                                                                                                                                                                                                                        Entropy (8bit):6.126308361491153
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:t5LiSAq3cV3nLkWaU4eMgqonw2CF7+4zKKuI:t5dlULkUBwH9F
                                                                                                                                                                                                                        MD5:2A3620836C853B387799FD40615BB6B7
                                                                                                                                                                                                                        SHA1:56EC0E85456DA83EE14E21D4D90E109173FC62A3
                                                                                                                                                                                                                        SHA-256:FFB06057E917FA43C83227F483630D19BDF2A2E18C651AAB8E7BDA8479693727
                                                                                                                                                                                                                        SHA-512:EEBF068976228B5C5CF5DD48EA47253132FBA1E6F9D18D9E3509A980673A4AF6CEE4A4E75745F8BFB0380AECFC115F55FAC1C498D3DEEDDDA0FE4236519C1FCE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g............." ..0.............".... ........... .......................@......N.....`.....................................O........................(... ..........T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H............Q..................X.........................................("...*^.("..........%...}....*:.(".....}....*:.(".....}....*:.(".....}....*:.(".....}....*..j ....n_ ....n3..*. ...._ ....`*...0..L........o#.......*..+2..o$.......X....aY..5... Y...aY..5... Y......*..X...o#...2..*.0..D.........+...X...J/...J.X.(%...-..J.Y.+...Y...2...J.X.(%...-...J.XT...Y.XT*.*...0..c........-.~&...*..X.Y.+...X....0...o$...(%...-.+...Y...2...o$...(%...-...Y.X..,...o#........o'...*.*~&.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Numerics.Vectors.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):115856
                                                                                                                                                                                                                        Entropy (8bit):5.631610124521223
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
                                                                                                                                                                                                                        MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
                                                                                                                                                                                                                        SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
                                                                                                                                                                                                                        SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
                                                                                                                                                                                                                        SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18024
                                                                                                                                                                                                                        Entropy (8bit):6.343772893394079
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo
                                                                                                                                                                                                                        MD5:C610E828B54001574D86DD2ED730E392
                                                                                                                                                                                                                        SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
                                                                                                                                                                                                                        SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
                                                                                                                                                                                                                        SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."..h$...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v*...#.;.-.h.......0..#.....a5|T%W...].!.%'..9.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Security.AccessControl.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35952
                                                                                                                                                                                                                        Entropy (8bit):5.8981099879188905
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:gZRIF95zFhktexyvaMAdB+w3G5h9Mn4YfoMfpcrqmf9wEJqIxVRvFNgfBkyN+/AE:gRMnjKejQWBkyN+/jAjcuQ
                                                                                                                                                                                                                        MD5:8665C8ECE3702FF1E41233AFBA0E17CD
                                                                                                                                                                                                                        SHA1:08270AE926691D3970CACCFC6B499AD37D492650
                                                                                                                                                                                                                        SHA-256:8F64BA90576EED69110922E608F6B01CA7B6098DB01D2EA01F3E8BE4B6CF3B4D
                                                                                                                                                                                                                        SHA-512:817DD89D8310031FFDDC722EAB086FB7594FE2179FE3CDC4E37B7DDB1113CA0B00407DAE182ED86069B642C4F1AEC76D30DDE12FA7FFEA39F2E194C8C6A6060B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..Z...........x... ........... ..............................^.....`..................................x..O.......(............h..p$...........w..T............................................ ............... ..H............text....Y... ...Z.................. ..`.rsrc...(............\..............@..@.reloc...............f..............@..B.................x......H........%...5..........d[......,w.......................................~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Security.Cryptography.ProtectedData.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21648
                                                                                                                                                                                                                        Entropy (8bit):6.57237392280082
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:/LoCClk2P9vGMCxvcFHWAR6jDWn/WyRIHRN7er+leLR9zusBvjv:Dofk2Fvaxki6uo0eked9zuY
                                                                                                                                                                                                                        MD5:E52A7A4ED5621744ECF2D8E8121BAC97
                                                                                                                                                                                                                        SHA1:59220619E2239E707A5E3CFF042EED85D8473EE3
                                                                                                                                                                                                                        SHA-256:F48944813063E301668B25DC7EDECC4839FD45668EA154EA67493D1E43411C18
                                                                                                                                                                                                                        SHA-512:02FA15F50C16E6C787987D4091822C7E10DEE35B6D7788278EBA3C86D787DD8D1FE968E632B7F347E501B08DF9C596D3C2D46E325E9DD43E55B0B74E3FEDF03F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.0..........." ..0.. ...........?... ...@....... ....................................`.................................u?..O....@..(............,...(...`......h>..T............................................ ............... ..H............text........ ... .................. ..`.rsrc...(....@......."..............@..@.reloc.......`.......*..............@..B.................?......H.......H"..p............;..0....=........................................(....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(...........%...}....*:.(......}....*..{....*z.(......}...........%...}....*V.(......}......}....*..{....*..{....*:.(......}....*..{....*"..(....*"..(....*"..(....*>..(......}....*..{....*"..(....*>..(......}....*..{....*..{....*"..}....*"..(....*"..(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Security.Cryptography.Xml.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):50832
                                                                                                                                                                                                                        Entropy (8bit):5.727988012367281
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:cszrvfCYnnuJlMeEM8HC8d14Vx50lAhDVCeqjg50Zi9zub1:cgrvfJcP8p1E5tQeGAzu5
                                                                                                                                                                                                                        MD5:FBC263E6C69611037D1940F16D4A9B54
                                                                                                                                                                                                                        SHA1:315BDBBCDB9328CDF50A48FEC048A507B8CD1448
                                                                                                                                                                                                                        SHA-256:AF3E3764D5A818BC8AACDF671983B58DDB9289D4AC736571CD0C7FC1FF4DCD43
                                                                                                                                                                                                                        SHA-512:ED145BD1F5F485F81C91DAB1B9BCCBF1A2A93054F2CE76555D33F20E73AA6CAD7884834217AD84D164EFA0A55C11EBFFC3FCCE90B0FDD30E67541EF2DA84F1F6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0................. ........... ..............................B.....`.....................................O.......4................(..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B.......................H........&...K...........q.. ............................................~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Security.Permissions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):30328
                                                                                                                                                                                                                        Entropy (8bit):6.239972992007481
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:pS3NEDzTPs/9L7s4La7w2JpmxjP/h9+WzlWskiXvHRN7jWsVOY/wR9z1VBQ:E3YzTM9s37w26xjP/7Tfkofjx/M9zi
                                                                                                                                                                                                                        MD5:18346946D34E3A77B2733EC3809FD27B
                                                                                                                                                                                                                        SHA1:5B43C123B7176765450C1969B42C8EB63931302A
                                                                                                                                                                                                                        SHA-256:347555F8600C3171EBD53B3034683BAD125ACE59F1491EC58EDB08AA54C4AA8E
                                                                                                                                                                                                                        SHA-512:AE20F1DB6EDCE893ABAF0557FC5F7414A09D1B704845D902887FC385D85D97F650BCA3E3102E1BFB0575CEF6CD9B534F938ECA5CAC567D671FE28875B73E96A2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....|..........." ..0..D...........c... ........... ..............................,.....`..................................c..O....................N..x(...........b..T............................................ ............... ..H............text....C... ...D.................. ..`.rsrc................F..............@..@.reloc...............L..............@..B.................c......H........#...7...........[..x....b........................................(....*:.(......}....*.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Security.Principal.Windows.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18312
                                                                                                                                                                                                                        Entropy (8bit):6.439506871486808
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:cEwo6eTs14YY4cWpOW6dHRN7FYpJAlGspU:VwDdT463
                                                                                                                                                                                                                        MD5:BE2962225B441CC23575456F32A9CF6A
                                                                                                                                                                                                                        SHA1:9A5BE1FCF410FE5934D720329D36A2377E83747E
                                                                                                                                                                                                                        SHA-256:B4D8E15ADC235D0E858E39B5133E5D00A4BAA8C94F4F39E3B5E791B0F9C0C806
                                                                                                                                                                                                                        SHA-512:3F7692E94419BFFE3465D54C0E25C207330CD1368FCDFAD71DBEED1EE842474B5ABCB03DBA5BC124BD10033263F22DC9F462F12C20F866AEBC5C91EB151AF2E6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r..........." ..0.............V8... ...@....... ..............................!.....`..................................8..O....@...............$...#...`.......6..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................68......H.......|!..............\4.. ...|6......................................:.(......}....*..{....*"..(....*"..(....*"..(....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(...........%...}....*:.(......}....*..{....*z.(......}...........%...}....*V.(......}......}....*..{....*..{....*..BSJB............v4.0.30319......l.......#~..@.......#Strings....8.......#US.<.......#GUID...L.......#Blob...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Duplex.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15240
                                                                                                                                                                                                                        Entropy (8bit):6.704886410611045
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:VFp2xHHmWmOWdgWJn5pOj/zPHnhWgN7a8WSrQxey60ODX01k9z3A55/hePvn:qHGWmOWdrADHRN7Rc36zR9zSbePvn
                                                                                                                                                                                                                        MD5:788B7D3AD3DFCE26BDBE8CA0E409D1AC
                                                                                                                                                                                                                        SHA1:AEA0C90B5A67FB5381DBBE0F7759331947BA355D
                                                                                                                                                                                                                        SHA-256:6236530BDF70953C69D4BD24109BEFBE33C23CE6D5064429E46E14F7A9E305D1
                                                                                                                                                                                                                        SHA-512:A7A8B814954891A0E6D61F562AE472E704E6871B5953360555FB8B260C6ED456C7487EED2CB5BFBCC0F0D7F394B99E46FD2768D67E8B9DAAAE75C2D966F23A08
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0............." ..0.............")... ...@....... ...................................`..................................(..O....@..x................'...`.......'..T............................................ ............... ..H............text...(.... ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................\'......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID.......(...#Blob......................3................................................*.0.....0...g.....P...........M...........c.......................J.....{.....~.......+...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....+.8...+.N...3.d...;.....C.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Http.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16264
                                                                                                                                                                                                                        Entropy (8bit):6.61449536515491
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:Onx9Z4xlhMAWs+WzWJn5pOj/zPHnhWgN7awWglpwKKD1Y6uHX01k9z3ATiw:mGlhbWs+WEADHRN75cDeZR9zaiw
                                                                                                                                                                                                                        MD5:1DAFABA1612F912D998CF9F42484E8B7
                                                                                                                                                                                                                        SHA1:61A44D9A6805AE4C738EC55F86CE65474735A503
                                                                                                                                                                                                                        SHA-256:2D6E588417088F2F0F0F67217712D963A53A0ECD4C4F323F44780B1BC35F0344
                                                                                                                                                                                                                        SHA-512:BD3B52A8AA2D6B8D2789FBA41BD3179A32226639969F98B5136BB24CAECA61617DB78FC395D5E66A98B0688EBAD69D9B4DCCB2C4ED35ABCF748B94A6398E4BA1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f.~..........." ..0..............,... ...@....... ..............................9 ....`.................................L,..O....@..h................'...`......\+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...8...#~..........#Strings....T.......#US.X.......#GUID...h...$...#Blob......................3................................................}.t.....t.....a........._.......................B.................................................[.....[.....[...).[...1.[...9.[...A.[...I.[...Q.[...Y.[...a.[...i.[...q.[.......................#.....+.....+.6...+.L...3.b...;.}...C.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ServiceModel.NetTcp.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15808
                                                                                                                                                                                                                        Entropy (8bit):6.632688007016038
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:y9DhYztax7++lWmWWZWJZf8sGGrHnhWgN7aMW8fOZmp8TKjX01k9z3Ab+OhfpKI:emtA7DWmWW+rHRN7nfOsWAR9zgxhfpKI
                                                                                                                                                                                                                        MD5:E2B310D8D50A9A4D930C5AAA11049342
                                                                                                                                                                                                                        SHA1:D3DB8CC477F90D77657B74AE4D04D2C9225DB6C5
                                                                                                                                                                                                                        SHA-256:2E21E6B2B768918BD956894E4658D60788FCD1CD1737FB15DCC5827C0C0D6FB7
                                                                                                                                                                                                                        SHA-512:BFC29978CADC2F4B993E94A1E5A339C96CE9B3AD9B96F389576E174DED38CD02E4B2A3691213768C29B129E3D49FA666C060FB5BB5BA2A4B4051C17AC4EC6E30
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G..........." ..0.............&*... ...@....... ...............................y....`..................................)..O....@..x................'...`.......(..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................*......H.......P ......................`(......................................BSJB............v4.0.30319......l... ...#~......H...#Strings............#US.........#GUID.......(...#Blob......................3..................................................4...q.4...E.!...T...........+.....X.....'...........p.................Y.....B...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....+.8...+.N...3.d...;.....C.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Primitives.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22408
                                                                                                                                                                                                                        Entropy (8bit):6.287427586092915
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:J8h2IgODoeNoPGWqEWlADHRN7rc4dzoRoR9zmzRv:az1zNoKTADrbh9zgRv
                                                                                                                                                                                                                        MD5:4E6C72C57D5ED93AB88084DC3CE53F89
                                                                                                                                                                                                                        SHA1:4D7D2FC3616A57A286510DB6FFD9F9477A4BA28F
                                                                                                                                                                                                                        SHA-256:8D94790B3C769FD2945E90F5FF4762BDA01D70C3D6334E1D819866F9FDFFADE9
                                                                                                                                                                                                                        SHA-512:48FF66106DD6E980D0AECD4CA3D09D71839CB607CC9242DD0710CD4A1AD45D432FA2BFE3A1A43260B75571EEC6823FEF7D5ADF2815EA74E0522B6DB54435C421
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....R..........." ..0..&...........D... ...`....... ....................................`.................................|D..O....`...............0...'...........C..T............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B.................D......H.......P ..."...................C......................................BSJB............v4.0.30319......l.......#~..,...D...#Strings....p ......#US.t ......#GUID.... ..,...#Blob......................3......................................I...............\...................t.....t...C.t.....t...\.t.....t...6.t.....t.....t.....l.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+. ...+.<...+.R...3.h...;.....C.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ServiceModel.Security.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16320
                                                                                                                                                                                                                        Entropy (8bit):6.66471451018443
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:tLdfnRbyxmMrW4gW/UWJZf8sGGrHnhWgN7aB+WwfQTb8o+X01k9z3AR4xzq:6LrW4gW/DrHRN728fI+R9zmQq
                                                                                                                                                                                                                        MD5:A21DC73AE1E0BF662BE916A5EB9F7842
                                                                                                                                                                                                                        SHA1:5694E72797D9120979BAAFA5866F8643D66F5878
                                                                                                                                                                                                                        SHA-256:2932214888124DC7BE3A70EA4839C21917C9C79BF7A502CA0B903D247E3A91A9
                                                                                                                                                                                                                        SHA-512:2D540C9DD2D5C97880B3C8DFD00425744D2A603A4132A5C45E052F15B2951E521E8048162469B14A753D19A13A1EA71B9C46B3A1797269D888EC7FCF2D40F379
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j............." ..0.............V-... ...@....... ....................................`..................................-..O....@...................'...`.......,..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................8-......H.......P ..<....................+......................................BSJB............v4.0.30319......l...<...#~......X...#Strings............#US.........#GUID.......(...#Blob......................3................................................:.............................w...........s.......................Z.............%.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....+.:...+.P...3.f...;.....C.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ServiceProcess.ServiceController.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22136
                                                                                                                                                                                                                        Entropy (8bit):6.553435177736525
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ERiNrM5s2PuLGMcrt18VKWiWV1upaWuiXvHRN7TyAdVUB3R9zeZ:ERiNIs22LYtT4ofT9VUP9zg
                                                                                                                                                                                                                        MD5:57309E02D50092A1D8AF78F0E0E18E70
                                                                                                                                                                                                                        SHA1:87CFB2BE5BB611DCE9EA29170EF535C5FC24A595
                                                                                                                                                                                                                        SHA-256:9AC1FD35AE5EB148B23B41CACEC6E09F1B83FD8E8270B8A79E9C401B284F5D8F
                                                                                                                                                                                                                        SHA-512:FCAE08EA95858E69BF89D7430395732CE1F79F772BEEBF4ECFC9AADF796282869C89493F4460249980E22065C83BA0A4AAB1736D36D84F76CCE3674BA3150791
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....EI..........." ..0.."..........VA... ...`....... ..............................U.....`..................................A..O....`..4...............x(...........?..T............................................ ............... ..H............text...\!... ...".................. ..`.rsrc...4....`.......$..............@..@.reloc...............,..............@..B................7A......H.......H"..............L=..0...|?........................................(....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(...........%...}....*:.(......}....*..{....*z.(......}...........%...}....*V.(......}......}....*..{....*..{....*:.(......}....*..{....*"..(....*"..(....*"..(....*>..(......}....*..{....*"..(....*>..(......}....*..{....*..{....*"..}....*"..(....*"..(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Spatial.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):120696
                                                                                                                                                                                                                        Entropy (8bit):5.967583188996837
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:4orllqhBzoamHINk9Ho7LC0Ww+PWmunmX2L3il13LcNztVqy0AvfCVfTqnxi1kgS:4orIg9HoGxKe2DilqyVfTS1Tb
                                                                                                                                                                                                                        MD5:9967997F9417D77C114C7DEDF25A9046
                                                                                                                                                                                                                        SHA1:1A02D843132291A7E140048F0BE2FC48C4EF1425
                                                                                                                                                                                                                        SHA-256:47F6F02CC014EA7DA751D2A25FAD1AEA1643FD976F09E1C7CE2AFAE89B082CF1
                                                                                                                                                                                                                        SHA-512:5A90AE173A8841248B0AB86F410C302FA1B19058A70BCBC178D6A2DF892F119DF319ABCA30BF343DF2C7A03B24A531165CE283E7871062DD0919A1ACE616E185
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!..................... ........... ....................... .......!....@.....................................S.......0...............x#..........`................................................ ............... ..H............text........ ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B........................H.......................H...O...P ......................................l]?r3.Pl..W.#.k....<.. ct%L{.S..6.$.mo..P...i+.NS.=.-.ER"E.....N.C......z.7........<D..!.,.$C(^.l..^k.'...ul...j.@..5@rk-....o....*..o....*..o....*..o....*..o....*..o....*..o....*..o....*..o ...*..o!...*..o"...*..o#...*..(...+*B.(........(%...*>.(.......(&...*....0..9........r...p.o'......X...1".o(....1...o)....:....r...po*......*....0..=.........(+...-(...~,...(-....(........L.......Z..o/...*.(0...(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Text.Encoding.CodePages.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):764560
                                                                                                                                                                                                                        Entropy (8bit):7.475776150976652
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:s7i7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPDdC:689km6k/IwRYbiBeKGCms
                                                                                                                                                                                                                        MD5:40F8B2E776E65B772C02356EE2B75161
                                                                                                                                                                                                                        SHA1:6B7198566D80D2C9C2D3629BB1BDE3CC2D8921B8
                                                                                                                                                                                                                        SHA-256:67D868132552144C49AD929AF33B774B371E3D1E5CB6AD2B67523BCD08351553
                                                                                                                                                                                                                        SHA-512:60FDDBBDAE3B546B4EF92751D16B999336C4D51F4D3FFC1846DF108F897F3D73C94087687DCA35F8B9D8AB01A8F428AD0AD6446C559A5980C12807DD5B4455DF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...". ..........." ..0..x..........>f... ........... ..............................,n....`..................................e..O........................(...........d..T............................................ ............... ..H............text....w... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B.................f......H.......l....,.................td........................................(....*^.(.......6...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o.......&...*..............!....0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....( ...*..(!...*.*.(....,.r...p......%...%...(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):78976
                                                                                                                                                                                                                        Entropy (8bit):6.105061710610473
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:4OO7OOOc2yIDmBkKQh3rt7jUGyRG/mz4CRLf8ocVW4t72bfQZHzp:fyMmXQh3rNjUFG/mk8f8owW4s0ZHF
                                                                                                                                                                                                                        MD5:C77AE3414D78C1F082C65415FAE69661
                                                                                                                                                                                                                        SHA1:3B35461D86A774535AC226CA9706FB50332DE20A
                                                                                                                                                                                                                        SHA-256:C792BFE3F43C894E20339252D159A96A20CCC6E13322B2D382570FF97939E501
                                                                                                                                                                                                                        SHA-512:08941BA8BE5031CC4E363A916525437C62B409576C91C10FC72795FAA10BC989F0D1797B576802E208DFE4305A4447C0299E2755BA92F97F531DE1F56FD5865A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....u............" ..0.................. ... ....... .......................`......<.....`.....................................O.... ...................(...@..........T............................................ ............... ..H............text...0.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........m......................H.........................................('...*..('...*..('...*^.('......8...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*^.('......9...%...}....*:.('.....}....*:.('.....}....*..0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X((.....R...((.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X().... ...._.S...().....d.S*..0..&.........+....(*...G...Z.(......X....(+...2.*...0............(+.....1...(+....Z.:..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Text.Json.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):582320
                                                                                                                                                                                                                        Entropy (8bit):5.99177382417674
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:Bo+rY8ZyAVNXL1VPGSEiWqJHsiEg2A9fLF:BhxXXrPGS6A7h
                                                                                                                                                                                                                        MD5:B7083FFD5D2BBBE83C6B439196838D78
                                                                                                                                                                                                                        SHA1:17B58D7F1CFFE4C1DD8E8246E127C949F4066D85
                                                                                                                                                                                                                        SHA-256:D14DBC34F6824757E6F6AE758B05F76C447F96F8D75BE3C4B8286FCC5A388B30
                                                                                                                                                                                                                        SHA-512:6C82D0F3B8E65DB99AA6F3973A6CB69CC9D02EFD3C3CC55AF03F01D5318360054E004EA4BCB53A2A7CF5DC1C0D77DC9183B479654CF88BBAC7B263FC68C61B16
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ......+.....`.................................i...O........................(..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........S..............`O...w............................................(J...*..(J...*..(J...*..(J...*^.(J..........%...}....*:.(J.....}....*:.(J.....}....*:.(J.....}....*..(J...*:.(J.....}....*.0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(K.....R...(K.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(L.... ...._.S...(L.....d.S*..0..&.........+....(M...G...Z.(......X....(N...2.*...0............(N.....1...(N....Z.....(...+.+...(N....Z......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Threading.AccessControl.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32384
                                                                                                                                                                                                                        Entropy (8bit):6.261164890599204
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:HmYwdT2p9aduwTfsT7afuo0NIlCxNaix9zv:Hmfds96uwACWo05jzv
                                                                                                                                                                                                                        MD5:ED046BFFFC081740B71C6A3CCEBEA3BE
                                                                                                                                                                                                                        SHA1:7F965E18252B1F03FE74E5DA000F85A938E16543
                                                                                                                                                                                                                        SHA-256:B18481F09A5CDC6C774B344A02D5557E9F134928B2BDE5BF42A5260CC36195A9
                                                                                                                                                                                                                        SHA-512:D4814CEE11609D6FCDC55ECD042A8216DD1A682300C0D3A6B5278BC4D7421E2B3AE1700D4CA4A023D414653B0BFC42508D0D9A88EF29011CDD370FDB4740B64C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..H..........*g... ........... ............................../.....`..................................f..O....................V...(...........e..T............................................ ............... ..H............text...0G... ...H.................. ..`.rsrc................J..............@..@.reloc...............T..............@..B.................g......H.......<&...1...........W......`e........................................(....*^.(.......,...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Threading.Channels.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):53904
                                                                                                                                                                                                                        Entropy (8bit):6.328404491602846
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:2k2Kl0dluLNefijrSS658GHmF7x2D9KVrOo/c/ckn6uo0elRmuU9zRC:h2Ke6/SSSHOG9KcoAckzo0od8z0
                                                                                                                                                                                                                        MD5:59436C9E3EDF074ACFB2C32C58D0C28C
                                                                                                                                                                                                                        SHA1:8ECBB9D024C6B54F1D13EFE4C4AFFF3286992CAE
                                                                                                                                                                                                                        SHA-256:4AAF175D1823A14899931C6257B7D0C1479F18FD3C1A5D30551786F900D41C5C
                                                                                                                                                                                                                        SHA-512:A4E846FAE51AC3DAF89DCA2B122B4F761A5A2FF0ED5A6E619D465115EB8328811C1BAAB41A0A1F10ED177ACAA56EFA2BDD2F91E93B244AA5FDB09FE4E90F5DE9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............z.... ........... ...............................4....`.................................'...O........................(..........<...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................[.......H........R..(f...........................................................(%...*^.(%......L...%...}....*:.(%.....}....*:.(%.....}....*:.(%.....}....*:.(%.....}....*.~....*..0..........(....,..*..(.....o&......&...*...................0...........(.......('...-..,..*.*.(....,.r...p......%...%...((...*..()...*.(....,.r...p......%...%...%...((...*...(*...*.(....,!r...p......%...%...%...%...((...*....(+...*..,&(....,..r...pr...p.((...(,...*..(-...*.*.(....,.r...p......%...%...((..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25984
                                                                                                                                                                                                                        Entropy (8bit):6.291520154015514
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha
                                                                                                                                                                                                                        MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
                                                                                                                                                                                                                        SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
                                                                                                                                                                                                                        SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
                                                                                                                                                                                                                        SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.ValueTuple.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25232
                                                                                                                                                                                                                        Entropy (8bit):6.672539084038871
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
                                                                                                                                                                                                                        MD5:23EE4302E85013A1EB4324C414D561D5
                                                                                                                                                                                                                        SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
                                                                                                                                                                                                                        SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
                                                                                                                                                                                                                        SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ...............................H....@..................................2..O....@...............$...>...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\System.Web.Http.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):456168
                                                                                                                                                                                                                        Entropy (8bit):6.001545721013484
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:PDKZE0Qm2v6R8jPwOjHuKjTXkrdWzHjb/KZcIX9tHJZtiH0uISL0:PGZEYwjPwCRB//KZZjIISg
                                                                                                                                                                                                                        MD5:65B14DDFFF038B7E55DA6A26C836314E
                                                                                                                                                                                                                        SHA1:4204A21005F521D7DBCFA816A60F064B8C07757A
                                                                                                                                                                                                                        SHA-256:142FCBDF637EB89C4A5ED90B43A1B81317091F9A42D464D916344EF683CDA674
                                                                                                                                                                                                                        SHA-512:837E55FACD1E89311EE08F4C8482F0AADB3307C65F9D9D8DCFD73575286720D260675D318E2F818DC2289631C5B2618BFB2374325A51B722111A5E1143160562
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].b.........." ..0.................. ........... .......................@......Wi....`.....................................O........................'... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H............W..............x[............................................{G...*..{H...*V.(I.....}G.....}H...*...0..;........uL.....,/(J....{G....{G...oK...,.(L....{H....{H...oM...*.*. .... )UU.Z(J....{G...oN...X )UU.Z(L....{H...oO...X*.0...........r...p......%..{G..........O.....O...-.qO........O...-.&.+...O...oP....%..{H..........P.....P...-.qP........P...-.&.+...P...oP....(Q...*..{R...*..{S...*V.(I.....}R.....}S...*...0..;........uQ.....,/(J....{R....{R...oK...,.(L....{S..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\TicketStore.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23624
                                                                                                                                                                                                                        Entropy (8bit):6.632576019719806
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:TLhVgS5/Cy2Xngowvzn9DijCD0h8uidNcG99+EeIYiArev8s2oAM+o/8E9VF0NyI:fhT5T2Xng/8OrdmG99+AYiRv92oAMxk7
                                                                                                                                                                                                                        MD5:2D1D80DB0D18D174B9E6272CBEBC8FA1
                                                                                                                                                                                                                        SHA1:735DD32AE4E7C139DABC2256623CB593DC112A71
                                                                                                                                                                                                                        SHA-256:C8F7D4764263DC794C3BFA3C44FF08427AE191FE4AEE98E7B44BFAAB689BFFCF
                                                                                                                                                                                                                        SHA-512:0C9D06A0D5205DABBAC5392885972F7CDD87542E6BC5529760E6AB9F4BC060671E94D84F3205D258D614BE9C5460C20ED99CD5B8837080361F6CE6960F297282
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..,...........K... ...`....... ..............................R.....`.................................}K..O....`...............4..H(...........J..8............................................ ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................K......H.......X(...!...................J........................................(....*:.(......}....*R.(......}.....(....*2.(....(....*..{....*..{....*"..}....*..{....*"..}....*..0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*.*.*2.t....s....*...0..b........~....}.....s....}.....s....}......s....}.....(......}.....{.....o.....~.....(....(....( ...}....*...0...........{....r...p(!....{....o"...&........s#...s$...%rA..p.{..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Unity.Abstractions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):79360
                                                                                                                                                                                                                        Entropy (8bit):5.673499510154978
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:h6o5TEFNFF3beJEcPkBFQsyX+0YkcILtcYclZL5WVHvhhwQBO:3TE/DQPQiXpjLtTQZ1WVHZhwQ0
                                                                                                                                                                                                                        MD5:66183C6A0E3843A05E9A2AEC1C3E7F96
                                                                                                                                                                                                                        SHA1:564133B4E2F9E7C1B42677E0765662BB64C691C1
                                                                                                                                                                                                                        SHA-256:DDDE7D7EA29D22571FF35B9402CC8418E216B40DC635A0C4739657FD4C800809
                                                                                                                                                                                                                        SHA-512:F4C3FDF11F1BF87A4DB12881848FFD02E8E608B5D0852433364AC5155CC810C067748CF3A33CC0E6191F4E84B29DE8395EBB4D090CB13511E0C3A2C0A7B44F15
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'.\..........." ..0..,...........J... ...`....... ...................................`.................................UJ..O....`..@...........................|I..T............................................ ............... ..H............text....+... ...,.................. ..`.rsrc...@....`......................@..@.reloc...............4..............@..B.................J......H........f..h....................H........................................o"...*..o#...*..%-.&r...ps$...z......(%......o....*..%-.&r...ps$...z......(%......o....*..%-.&r...ps$...z......(%......o....*..%-.&r...ps$...z......(%......o....*..%-.&r...ps$...z.....(%........(%......o....*..%-.&r...ps$...z.....(%........(%......o....*..%-.&r...ps$...z.....(%........(%......o....*..%-.&r...ps$...z.....(%........(%......o....*..%-.&r...ps$...z......(%....s.....o....*..%-.&r...ps$...z..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\Unity.Container.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):103936
                                                                                                                                                                                                                        Entropy (8bit):5.78327892852748
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:lbiRW0HUARbWvDldf9CecoMTsl4dkaDtJvaJhXVHAhkVeN:lbNun0cojqdkaDtJvafXVHikVeN
                                                                                                                                                                                                                        MD5:2AD052208660B79765237E427D6D033F
                                                                                                                                                                                                                        SHA1:7E7CEFDD8C32D87411C84FF6C8206ED3736FD0E6
                                                                                                                                                                                                                        SHA-256:60F1DDA1539FDC57D64070D4548623FFB3125C09D4FC7BE3FF10E60AFB8AAEBA
                                                                                                                                                                                                                        SHA-512:D1DF4005FE7A2F6624791BD17016B210377296101982CA226553F3B7F5106F54FA74330DB19196AF867C45A885A4E78DF4122D570B1642740798EBF52628CD75
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jU..........." ..0.............".... ........... ..............................N]....`....................................O.......................................T............................................ ............... ..H............text...P.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...............................|........................................0..)........{.........(/...t......|......(...+...3.*....0..)........{.........(1...t......|......(...+...3.*....0..)........{.........(/...t......|......(...+...3.*....0..)........{.........(1...t......|......(...+...3.*....0..)........{.........(/...t......|......(...+...3.*....0..)........{.........(1...t......|......(...+...3.*....0...........s2...}.....(2.....}......s/...}......%s3...}......sf...}...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\downgrade_site_7.41.1100.0-7.41.100.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):336721
                                                                                                                                                                                                                        Entropy (8bit):6.046537078620584
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:XcskzMJCwXS7bBD1snuYDDaGWydNicxVjt8K31gWDxMBY9oKpu78v:KMJCwCB1MDDa1yDJt8KLMB5KJ
                                                                                                                                                                                                                        MD5:629B772B44E0E9F7EB3D3757B6FBF287
                                                                                                                                                                                                                        SHA1:81EFE42F802E1446704E495A97E77FE06267AE8B
                                                                                                                                                                                                                        SHA-256:22FDC0F4B2FD73D6FC79853D7F4472DF2928E33A0771FD0870B75E2E9127ADF3
                                                                                                                                                                                                                        SHA-512:9B25617D6E0B7E54F3D24B0DA63D27867AFAC4A48523866A73677886B975926911FED19F0603EE32C6E9EE4BF5574BB382FAC800280A6E98AA732017194DD5A1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.41.1100.0</from>.. <to>7.41.100.0</to>.. <version>7.41.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>HIOBtW5IrVR0w3al05278A==</checksum>.. <checksum-sha1>YHCRhY6Z1jCJm+6BaYHVlRHJ9gE=</checksum-sha1>.. <checksum-sha512>RuOOsqEiwdM5Q8P9yxGLqjpGzVD5Zggwbiz9OUlVhmYi/136UE3OuWiyf7/RNJUaI2uStc2QYZ3g30Lbemv5Xg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>6dK4elX84Hpwqn9xSkMWkeL9+mw=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>gKg69TzixL7tSgxvYIzOkH3SV3cFsyZCbgbyA5ugrjIFlVv0PkoTt6gaKKdtCCUQEydoguGb9Ci322mh3JppnA==</referenceSchemaChecksum-sha512>.. <script>7L3rkts4tib6vyP6HRg7YsL2nGSa90vXuKOyMu2qnPZtnOlyx1R0VIAEmKltSdQWJdu5X+38OI90..XmG+BYAkwItSdtvV1Xta+1JOCQBBYGGtb13x//+//5/rOlc7tuZsy53NVrBVsRR//EMjdg5bN4tf..1/vlsnHq9Xfqu//Y1zvBf11wsd4tqoXY9j99YuXuV1bU25367qb+4x8WlfP992K7rbfO//iz4zmF..uFmsnX0jnF92YrXhxd8cseaq7R//QF

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_5.0.0.2-5.1.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36003
                                                                                                                                                                                                                        Entropy (8bit):6.055277488712397
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:mrrz4dNqAAQ/2zOIDrMEgtzqPA7KNd575YikW:S4vuQaMhmNd5lYW
                                                                                                                                                                                                                        MD5:C9BED89920034EE4E317BB66F36555D0
                                                                                                                                                                                                                        SHA1:52D642B1B52F7AB0E4CE4277DB519346F4393654
                                                                                                                                                                                                                        SHA-256:47FE11EF7EBE959617318B6E4DD949A21AD491C046AA5BBC1457858245BE8BD0
                                                                                                                                                                                                                        SHA-512:5B18ED1B0916ED31A7092EE2B31FEC7D73994C47622214B3D65CD32834E67A554E993F309716120B3802EDD7295112ACE3CF1049C36AC52DD066409B4A6D0529
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>5.0.0.2</from>.. <to>5.1.0.0</to>.. <version>1.0.0.3</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>fnbK3jserbTib9aGvcwz7g==</checksum>.. <checksum-sha1>Tf6IoUNixOrRb5UHYk/XWyCQKVI=</checksum-sha1>.. <script>7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28..995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8i/se/9x/c3k5ft9lyltWz..dFXn2WJS5r9x0uRtmi2b4vdfrsuySavloXz2i9ZVm89+/2KWL9vivMhr+eqi+o2T3zghUJ99Y09K..0BjkF9UMPc3SNxmh1qQf8Gxv/6wgCaDf7MNoTueT3/+kWp4XF+PXRZunj9Lj2Sxd5lfptCrXi2Xz..GyeT/KJYpm1NU5VN24LnYpZPy6zO09/zdZuv0mLZ6tTJ35+l9+nv4tyH/rT6ajXL2hwNtrjZHWq3..mzL03zjJ3+XTNfXv49NmdeteEtiHwPo3TrKyJbZoMVndIfzGCWYho1Ecr1ZlMc2A8vNimi+bnKY5..L4HuSFrheZo3b9tq1W2RLiv6PzEmEWLZ0Ojx2dNnv/+bfLH6/XfTWX6ercs23dq9oyjly9lvnEyr..xaJoO8QyjPvNPgPT97SuVmlLSFZ1Vl97yH/Nmdzd+Qam8oOmcoYRxSbh/12Et3Izz6dvvwG6/79C..hDyyn/xevz+++/0HpMoJFB4hw

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_5.1.0.0-5.6.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46283
                                                                                                                                                                                                                        Entropy (8bit):6.051759022689109
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:d8+JE38cL19xpxpo8KehQS2HzL3RTY+JNMOIbIuNDGZNHc9rgsV86:d3S3ZfxpYeQHf3RTzNobIyDM5MVb
                                                                                                                                                                                                                        MD5:36BFD8FC9FEC33FFDF2E5EA59936862D
                                                                                                                                                                                                                        SHA1:1C16A6BD406C3DBFB845C3A117DFA9F9A63CA17D
                                                                                                                                                                                                                        SHA-256:442C00F57EBE119E6ACF560729FF8B865E28B269F774589731CD2DC9D178F5FF
                                                                                                                                                                                                                        SHA-512:B0E4B6165134487DFB738702772EABA44A6C0CD1EBC6BBFA5B3D89D98B0509B533D0FE39028D0E6162A8376DB2BA80153E1F4CD44B4AB13C5347F051238CC108
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>5.1.0.0</from>.. <to>5.6.0.0</to>.. <version>1.0.0.7</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>rZR3LdhfdBtSH6vgRWrdTQ==</checksum>.. <checksum-sha1>P6W5e/EpkNGkHt75aZhh7h5XcLc=</checksum-sha1>.. <script>7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28..995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8i/se/9x/c3k5ft9lyltWz..dFXn2WJS5r9x0uRtmi2b4vdfrsuySavloXz2i9ZVm89+/2KWL9vivMhr+eqi+o2T3zghUJ99Y0+6..vc0Qv6hm6GiWvskIsyb9gEch3tj1rR+GCJjf7MNYTueT3/+kWp4XF+OTrM3K6qJJH6VP62qVVpOm..KvM2T6fVsmnrrFi2zW+cTPKLYpnSn8smm7YFz8ssn5ZZnae/5+s2X6XUTqdR/v4svU9/F+d+X0+r..r1azrM3RYIub3aF2uylD/42T/F0+XaNn9wZxT926lwT2IcbwGydZ2RKLtJi52IB+4wTTMsOY3FDS..k9/r9zcNzC+/V7GcjaQ1PwOtn64Xz4q8nDWv8l+0Lur8Nu+8vGzCdxT1fDn7jZNptVgUbYeohtm/..2WfDpB/PZukyv6IRlOvF8mtO9e5OfK5/uHOd0VC++ursabpeFr9onXt6ZFm1KZSNP09Pn7l54rdm..+Xm2Ltt0i8hRzLbu3Pl/8WTN8

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_5.6.0.0-7.0.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):479092
                                                                                                                                                                                                                        Entropy (8bit):6.045640904233629
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:m0KFGcEJCCCZFpLeDTONcNMbEcdnO2sntSd0/HJvTfsUHGAfpQQSDpYbi+eOqgrA:2G3CCiK3Ol5nwPFTfF6QDiAkQByw34f
                                                                                                                                                                                                                        MD5:82363F17084E3F9F2266FBDEB2CC5F02
                                                                                                                                                                                                                        SHA1:6F979C06708F47C0FA8AF63F2508795C396C7A1E
                                                                                                                                                                                                                        SHA-256:4E757AE288AA70A3C5A059CC6BD1A0C252BC92DB63993D6812AF7AC5104B5233
                                                                                                                                                                                                                        SHA-512:F519DA026EA62C105C2009AE9EB96F2D87A9EB74BB4F11F055D32ADEC5A0FE71815BDE0FC28C437F78912B6307478F870AA722F4857E50FB8BF35321C6F5A169
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>5.6.0.0</from>.. <to>7.0.0.0</to>.. <version>1.0.0.31</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>xb884KoO5Lf6IsiATnNcqg==</checksum>.. <checksum-sha1>n4+LlhlH4vHNNhHXXVxT6Tj2YN4=</checksum-sha1>.. <referenceSchemaChecksum-sha1>R6qiPkQm8PxRXptJPBOtj32NOnM=</referenceSchemaChecksum-sha1>.. <script>7L3bdttGtij6njHyDxhrr7NFZcmKJF+STtoZoUkp5o4valGy19kZHhoQAUlogwAbACWzH/aPnYfz..SecXzqwLgLqjQOJC2fJDd0RUzZo171U1a9b/9//8v0+eONPMjTw38ZxF4rvzq9D//rvUzxw3SoPL..aBmGqRNHv5Lf/rWMM9+7DDw/yoLrwE/KT1/cWXbpXsVJRn67ib//Lrh2fv/dT5I4cf7+m3PgXPk3..QeQsU9/5K/PnC+/qk+NHHmn7/XcIlfcXZ6Pjy+no9fHb4S/O8/0X+wf7B/jT+fDsj+Pz4tNP6AP6..hD/+0OQ/DPFi4bmZ75wWJGllFC+JF0Boz0n8GYwEA2a3vnO9jGZZEEeYgPHVP32gbOANdma3V5ej..OLoObvbf+pkLCLrTRRhk0ywJopudXSdInSjOHMS077/DxP7+Owf+4WFyqI4ZzPffAUt+RXQlXKF4..WfcekCF/Rx8cFxC6c5PZrZsM5u6X3T36cXa7jD6jr0GU+Td+8v13u99/l/jZMolS5/ezLPrghksg..hotJT0FOP

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.0.0.0-7.1.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):283329
                                                                                                                                                                                                                        Entropy (8bit):5.976995595672924
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:2E5oQ5pP7Kzk2PT4396zyMCrefBBOd+dCoEKfg2+3GQgm:2VwKI84396zy5KJLCok9
                                                                                                                                                                                                                        MD5:83443EE97E5792862503371BE14B392D
                                                                                                                                                                                                                        SHA1:61A2B4283993F69AACCAEEE52CC084E5CEC5E1FD
                                                                                                                                                                                                                        SHA-256:947539948293720B0053DF97DC9B48C1C5CD534D1C0BF0B982D9A28D7BF7DFA5
                                                                                                                                                                                                                        SHA-512:3B0C4824E80572001FCC71537E2AC7D45D6DBB12BE1313B7CA771E6BDA1CCCFBF18A796BCFF2329C973E83FCC931FA176908D8738EEAA1DD38ADED4417A476BD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.0.0.0</from>.. <to>7.1.0.0</to>.. <version>1.0.0.7</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>Cq8xySlVwcCbtMnaigHI6Q==</checksum>.. <checksum-sha1>+DFSmjpqx6cvTs9npRzNaF+b0dk=</checksum-sha1>.. <referenceSchemaChecksum-sha1>SRJD9QBZyeKSCYNAPo341cI15yk=</referenceSchemaChecksum-sha1>.. <script>7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28..995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8i/se/9x/c3k5ft9lyltWz..dFXn2WJS5r9x0uRtmi2b4vdfrsuySavloXz2i9ZVm89+/2KWL9vivMhr99W7bNr+/tmkqlv57KL6..jZPiPP09f8+8rqs6fXyU7qST/KJYpusmT7/X5ovVbPL9NF/OpO1vnACVL796dXL6+78++fbpF8eP..0gfjHfzHX705fvX56Rvvq135ir/81jf5MMSTeba8yNPX03m+yNKXeb0omqaols3PRn8/GzAJ4tO6..WqVP8zKnObsrA5qlr6+X1fJ68f+5cTyr6ry4WKa/V37dpGdLM670TUYc+/+l0RzPZumL/Cp9mrVZ..+uZ69XOL/I042ydAnqn+/1nsn62X0xbCnG6dk246qRarNXjppCrXi2Vz52ej+58NmN0J+aHPRTqd..T35/sh9tPv

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.1.0.0-7.5.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):293039
                                                                                                                                                                                                                        Entropy (8bit):5.981841016446965
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:o3az4R0JQRF8E/TR946CSTfrdt7mAtwyuVWj8:o0M58CR946VTfrdwC4q8
                                                                                                                                                                                                                        MD5:095402B26DA58F694C4EAD603C3C6C50
                                                                                                                                                                                                                        SHA1:3A859FFCF49EA53DB3B07CAA91041608F0A7888B
                                                                                                                                                                                                                        SHA-256:B8FF50D6DA0C25877B47A226456CCB66E72143FE5FCBC244309B8EEB81BF7606
                                                                                                                                                                                                                        SHA-512:D2C2225177F0F05E5BDC9880FC98ED62D0D1E2EB5C6080BE4936386A9802E90C9F1A15D27F7FB8A135D48BE17C5A61FED9C521ABC28ACAE7AA6DB3D2D7E18984
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.1.0.0</from>.. <to>7.5.0.0</to>.. <version>1.0.0.9</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>mXC7KA+BBySmxg2+UbmcUA==</checksum>.. <checksum-sha1>8lENNA2RPDQuEn24dOZs5mahniM=</checksum-sha1>.. <referenceSchemaChecksum-sha1>TY0F9h0alzKQVx8FOrY1HbIv5Zs=</referenceSchemaChecksum-sha1>.. <script>7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28..995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8i/se/9x/c3k5ft9lyltWz..dFXn2WJS5r9x0uRtmi2b4vdfrsuySavloXz2i9ZVm89+/2KWL9vivMhr99W7bNr+/tmkqlv57KL6..jZPiPP09f8+8rqs6fXyU7qST/KJYpusmT7/X5ovVbPL9NF/OpO1vnACVL796dXL6+78++fbpF8eP..0gfj3fHOeIe/enP86vPTN95X9+Ur/vJb3+TDEL9azbI2T19akvys9PK0rlZpVc7Sps3aommLaZOe..E7W+fb3K68uiqeqTbJVNirJor7/IVqtieTFmsubvqHWTbjV5mU/bdDc9r6tF2lw3Y0BqfuMk9Z6r..eV7n6TJb5Oln6cdvXv/+J9XyvLj4/Tf08nEIISVumKXV5KepM5p9AmN/3/p4Op8oxPEmiHfuCMwZ..xuyN93avj2

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.11.0.0-7.12.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):312443
                                                                                                                                                                                                                        Entropy (8bit):6.046358020978481
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:yAVW0uJPwESLeUQUUepRypXvZBFB7wNBJDud/XxaxFPvaQVnMgUs+:y1LP51UQUU+ypXvZ/BMNBK/wLPvdVMgI
                                                                                                                                                                                                                        MD5:E611A087EF7DAFBADED56F17A7D3654E
                                                                                                                                                                                                                        SHA1:A7263AF35DC56C44665728595AF13C081EEF8959
                                                                                                                                                                                                                        SHA-256:911BA6493A099DA3F1CCBE6E01A85E8C3FBCF0435AAA336F6FAA6F86D1D884F3
                                                                                                                                                                                                                        SHA-512:C8655A60473D54EF88A6ED50D8AC2496E454CBC708B6AAB89DB4371992A487421FC53E7259BC8D46268D0DF2063C9519818F8CAC34C39FCD87BAC51B284C6FBF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.11.0.0</from>.. <to>7.12.0.0</to>.. <version>7.12.0.23</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>wQSzfRUjLGh3dDbMzUxuqA==</checksum>.. <checksum-sha1>1JUwfqBfJ9yr5FvWAPPmAMzoUw8=</checksum-sha1>.. <referenceSchemaChecksum-sha1>mvEvLVgbdcgsq2vsYl/kRYg/JeE=</referenceSchemaChecksum-sha1>.. <script>7L1bc9tGtjD6nqr8B1TN+bao2RQjKZlkb3s0x4pkJ/rii0aU7alJpVwQAUkYkwAHACVzHr4/dh7O..Tzp/4axLd6OvACiRsjw7eEgsonuhL6tXr/v6//6f/3dnJxrXcZ7EZRLNyzSeXUzTr7+q0jqK8yr7..kC+m0yoq8qf82z8XRZ0mH7IkzevsMkvL5tWneFJ/iC+Ksubfroqvv8ouo2fP0rIsyujPf4l2o4v0..KsujRZVGv9bpbJ5c/BalecJtv/4Kh/Lm7dnR8w/jo5+fvzp8Ev0w2tsb7Y526d354dlPz8/1d/v8..jt7+cZ0PQXw7T+I6jU7VomzkK2fprLhJo2q+KLNiUUX/KvIUN+IyLdN8kkYwhjiKkyRNorqAF9kN..DuqqLBbzKoLFxCWKFvOrMk7SEe9EXkyKRS62IUmnKXS4LItZdPzT30+//iriPybXFx+Oivwyuxod..p9XHupj/hED/Dt8/VZ+vVJ8IPpbDfv+jgI8G+mJrbiufIoefRm+zJDogSEZz+Bla317Dp7CVePVL..lmPr3a

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.12.0.0-7.13.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):262808
                                                                                                                                                                                                                        Entropy (8bit):6.046793677984981
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:jEwkOjWOLZOmX3hyzyYcl2EfmrDcP6Mu2yjhEG4PXpEiENCE:gZ0WwVxyzUfmrCDu2A3sErN
                                                                                                                                                                                                                        MD5:FC67618177242B58DE8CA2E9AEB387FE
                                                                                                                                                                                                                        SHA1:784528759131E22DA2EDC32EC8EEB0DE953B5601
                                                                                                                                                                                                                        SHA-256:CDAB995E64360902657E892178B003B464F1CD1A2A887138D77968552BB7AA7C
                                                                                                                                                                                                                        SHA-512:63B0329EB2BB154072FB8519F1D7E35E0D7971518F90DDEB7815C6B59CF5CACD7B2362223558D1AD28BCEB7324AE1E1604CC12EC556653E3086D67CF219DFD1C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.12.0.0</from>.. <to>7.13.0.0</to>.. <version>7.13.0.18</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>uz1tK8X1apAr7jo+R9uXPA==</checksum>.. <checksum-sha1>xwq/cDLY3I4yAbryLgfKigU+zHY=</checksum-sha1>.. <referenceSchemaChecksum-sha1>8DwZcNVDIOhCjuGqR87qzNmRjfg=</referenceSchemaChecksum-sha1>.. <script>7L3tcttIliD6vyLqHRA7uy2yh6Itu7p71y5VmJZkF7dkWyvKpblT0VEBkaCENgmwAdCy5tX2x32k..+wr3fGQm8hMAKcrl6jJipssCM08mMk+ePN/n//u//+/+fjSp4mwWF7NoVSTx8mqRfPtNmVRRnJXp..r9l6sSijPHvO7/65zqtk9ms6S7IqnadJUf/0KZ5Wv8ZXeVHxu+v822/SefTiRVIUeRF9/0P0OLpK..rtMsWpdJ9EuVLFezq79HSTbjtt9+g1N59/786OTXydGPJ29Gz6K/DQ+eDB8PH9NvF6Pz1ycX+m9P..+Tf69c+7fAjicVrGsBjRaLGILor0+jopyocYaibGqXiMKIbx8iya3lz9epRn8/R6OJpOk7I8yxfp..9O58vUjK5x175eus2qjxf+ZZclYk86RIsmnXcWbLNHuVL2awPt06LBb5bTI7K/Iqn+aLjp3OxBRf..pYsqKU4yaNp1gqsVrFxcpXlmwNi4c/3P10W+Xo3KMr3OlknnNbb732cyBOE4KT9U+Wons9mu10V8..vXHHjTt0H

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.13.0.0-7.14.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):324697
                                                                                                                                                                                                                        Entropy (8bit):6.04644453999837
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:HUHVEW467f4aWnCxPbk0KOCy06uXAEv3C6TBqXgGMR8rSMC2WsR4:HUHVo6jICxcOC9Q2C6TwgIGX8R4
                                                                                                                                                                                                                        MD5:84F6C58F9363447795686EEFEF166891
                                                                                                                                                                                                                        SHA1:8F8DF4254CEE144D79044C0D8263BE813BF550DA
                                                                                                                                                                                                                        SHA-256:EE0E4742DA9BE5BD66F7C0D9DFD25A1121BE57A08110C0CEDDE28D7F49EEDAF0
                                                                                                                                                                                                                        SHA-512:92E257FAC5E3AB76868C4577ECDD462E9144E51FD4EFD05549281A291E179B100AE6D622CC6511B61CE064C12971468A3795E2E01E4C6AF0DF754B608EEBD537
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.13.0.0</from>.. <to>7.14.0.0</to>.. <version>7.14.0.19</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>q2Ai1MIkzII1BgCfMFZZfQ==</checksum>.. <checksum-sha1>NNdDG31N5Uscr9OKs5Dq8WBXMaA=</checksum-sha1>.. <referenceSchemaChecksum-sha1>NR5zOFd2ugPHxm4uDRdSfmHyayQ=</referenceSchemaChecksum-sha1>.. <script>7L1rc9tWlij6PVX5Dzhn7hlRcyhGspPuGTtKWZFshyd+aEQ5Sk2qywWRkIQ2CbABULKm7j+7H+5P..un/hrsd+PwBQohRnJqjqjkXsvbAfa6+93uv/+3/+352dZNKkxSytZsmyytLF+Tz7+qs6a5K0qPOP..xWo+r5OyeM6//WNVNtnsYz7Liia/yLNKv/qcTpuP6XlZNfzbZfn1V/lF8uJFVlVllXz/Q7KbnGeX..eZGs6iz5rckWy9n535KsmHHbr7/Cobz/cHL48uPk8KeXbw+eJX8d7T0d7Y526d3pwcnrl6fmu2/5..Hb39l00+BPHDcpY2WXKsFuWBvnJZpbNMrX1SN9lyhK940ldZshJN0tmsThr44WWRQsvZqyxtVlVW..T2D1G/xlmNxc5dMrapN9zusmLy7dxgS1KG+SKrvIqqyYZnVynaew28mrn0fJWZZM02KrgX3BbgTq..1c/JtCzqpkrzoklu8oa+QIAc4DwMmEI+nyfLcrmawwrOhrDv0xR3PTDwvIavESzVHsYyS/Jmawb9..YGwl/5

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.14.0.0-7.15.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):262245
                                                                                                                                                                                                                        Entropy (8bit):6.046783544520027
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:/kTegd+FwZ/2BJw6vcP7CVgpg0iV65xg64vb5:ngd+GeJxvoUgKFV65xg6O
                                                                                                                                                                                                                        MD5:17773E294F691D22DBF6A8D1AE58BFBE
                                                                                                                                                                                                                        SHA1:1BE39861F93D94663A5D7AE41EFD29328254957D
                                                                                                                                                                                                                        SHA-256:2F47EFB5CD0B778F7D5D275D9B6F5BE763C3924895A2C6EBCCA6D3663C5C6055
                                                                                                                                                                                                                        SHA-512:6A871848F586B8E96E587A46A79807F345770C7D03F572E27A127D56E29CC4A7212E4FFF1B5695254D4F1510DA4E49673D45E2BBEBB2342ECFCFDA184347BEC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.14.0.0</from>.. <to>7.15.0.0</to>.. <version>7.15.0.86</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>+RGxm+9i713tJT9GXIvtlg==</checksum>.. <checksum-sha1>vTeHMMNw1brFmTPyg0wr3I5b2JM=</checksum-sha1>.. <referenceSchemaChecksum-sha1>s42A8j6Gp1rgW3sscGyjGtQwPRU=</referenceSchemaChecksum-sha1>.. <script>7L3rcttIsjD4fyLmHfDFiTii5hPZJHW3RxOWKdvNbV/0iXLrxHRMOECgKGFMAhwAtFon9s32xz7S..vsJmZl1QN4CgLMn2mWZM9FhAVaIuWVl5z//v//l/u91gUoZpHOZxsMxZuJjO2Z//VLAyCNMi+ZSu..5vMiyNLn/Nm/VlnJ4k9JzNIymSUsr179Hkblp3Ca5SV/dp39+U/JLHjxguV5lgd//VvQD6bsOkmD..VcGC30q2WMbTfwQsjXnbP/8Jh/Lh48Xo1afJ6OdX706fBYe9wV6v3+vTu8vTizevLvV3+/wdvf3L..Q/4I4llShLAYwel8HlzmyfU1y4vH+FQsvlPybwQhfC9Lg+hm+mmUpbPkuncaRawozrN5Et1drOas..eN6yV7ZKy40a/z1L2XnOZixnadT2O/EiSV9n8xjWp12H+Ty7ZfF5npVZlM1bdjoXQ3ydzEuWv0qh..adsBLpewcmGZZKkBY+PO1T/f5NlqeVoUyXW6YK3X2O7/NYMhCGes+FxmywcZzf16XYbXG3fcuEP7..j0y+Ak

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.15.0.0-7.16.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):255417
                                                                                                                                                                                                                        Entropy (8bit):6.046974906179738
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:fagfaEI7JVC6xzQZMxOhNJc1hzrcAq7vtFlUOH:fNSf7J8YzpxO1cTw7UOH
                                                                                                                                                                                                                        MD5:8F24A20DEEFEB269856D309ABFF7139F
                                                                                                                                                                                                                        SHA1:3CD1C495992B3472211C88F07BBD8611FA5DFD5D
                                                                                                                                                                                                                        SHA-256:5E431CA0BFBC15ADB3D92C1BAD24432FD571694115920CBC4BA733C0A58E7263
                                                                                                                                                                                                                        SHA-512:6D3F842DE7E627401226E03A203699653F58D8EF78D3E68C4D33920C268A93FC7B5FB173F526A805D3F3AE5474E4F3A7BA3537E5F42FC9547802A1A5AAC73A14
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.15.0.0</from>.. <to>7.16.0.0</to>.. <version>7.16.0.22</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>74dG34i87JqtBixd6RdqFw==</checksum>.. <checksum-sha1>U09Yl3T0+ha18uzDsgyIqZ3XsBs=</checksum-sha1>.. <referenceSchemaChecksum-sha1>DNFT1OuVWvyeAeu9sWY1sMtHRRc=</referenceSchemaChecksum-sha1>.. <script>7b3rctw4kjD6vyP6HbjfnvhUmk9VrvvFbnV0tSS7dUZ2a1V2e2I3NjpQJChxXEXWkCzb2lc7P84j..nVc4mQmABEiQxSpd3D27jIlpqwgkE0Ai70j8f//P/9tuO4uUhR6LPWcTc7Zervj33yU8dViYBL+H..29UqcaLwlfjtH9so5d7vgcfDNPADHuevvjI3/Z0tozgVv91G338X+M5PP/E4jmLnhx+drrPkt0Ho..bBPu/EfK1xtv+Z8ODz3R9vvvEJVfP9ycXfy+OPvl4u38pTPp9EadbqdL797Pb95cvNffjcU7evuX..x3wI4nmQMJgMZ75aOe/j4PaWx8lTfMqT30nFNxwG34tCx71b/n4WhX5w25m7Lk+S62gVuPc32xVP..XjXsFW3DdK/G/x6F/DrmPo956Db9jrcOwtfRyoP5adZhtYq+cO86jtLIjVYNO11LFF8Hq5THFyE0..bYrgZgMzx9IgCg0Ye3fO//kmjrabeZIEt+GaN57jYv+HIEMQznnyKY02j4LNYb3es9u9O+7doflH..Fg+gkm

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.15.7000.0-7.15.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):257832
                                                                                                                                                                                                                        Entropy (8bit):6.046826076369648
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:pWHDzax6yObgoPk1B33pVa7FEppNvc19O0b2/1+evhJpsR4WhTjXWqZ3S8oV64w0:gSxm2BJw6vcP7CVgpg0iV65xg64vb5
                                                                                                                                                                                                                        MD5:BDD8BCB83765319FB1F2F8FCFD6498B9
                                                                                                                                                                                                                        SHA1:614EA752F43A23DD53958D1B9A2CC63BEEC47E52
                                                                                                                                                                                                                        SHA-256:27BD674997B41054DDD16F634D47A13044F26E9F1AC60B5C1A4AC4EA8AF31142
                                                                                                                                                                                                                        SHA-512:0517AFFD584B2CF780D53DC33C2CAC10EF8D0FE785B2AA2BC11374D437C86EB61E2EEB24D0A176F81BD01785FC2E8C05B58824CA92574453A43ADD7F4D6A9E44
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.15.7000.0</from>.. <to>7.15.0.0</to>.. <version>7.15.8000.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>72I6IgSVCRlYpfm/X0tUwA==</checksum>.. <checksum-sha1>Shw8auup/Zt78D7UyPNJZAIMiyo=</checksum-sha1>.. <referenceSchemaChecksum-sha1>s42A8j6Gp1rgW3sscGyjGtQwPRU=</referenceSchemaChecksum-sha1>.. <script>7b1tc9s4sij8farmP7DuvXUs77E8erWkyXoqiu0kvuMkvpYz2XumtqYoErK5kUgtSdnx/rXnw/OT..nr/wdDcAEgBBipJlJzmzrK0dhwKaQKPR6Dd0/3//z//bbDqT1A19N/adZczcxXTOfvwhYanjhknw..R7iazxMnCl/wd/9cRSnz/wh8FqbBLGBx/tMX10v/cKdRnPJ3N9GPPwQz5+VLFsdR7Pz1F6flTNlN..EDqrhDm/p2yx9Kd/d1jo87Y//oBD+fDx6uTsj8nJ27N345+dwWG7fzhotVqHLfr5enz15uxa/5l+..o1//ssuHIH5c+m7KnMsML0/yleMdPgiQgJ5EPnPSyLmFtZ0zJ0mjOAhvHJiP6/gr+tuFpVjexC40..vL8NvFvnJmKJ40f3IXZ0CQyQxF0QrRIH/5sEUXjgsJuf+Rc+dpu/nHzsObDwK3c+f4Cu0J9eX12/..478l3i1bcFAfYufienKFDZzmL/xvaId/n1w5fzv9mCiDXz7Ewc1t6jS8feckSOPgizN5SIBokgPn..P

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.16.0.0-7.17.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):262152
                                                                                                                                                                                                                        Entropy (8bit):6.046662523737059
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:nMw0JouD/q9Ah8EbuQS8efnaCEmVoVcKwc8WhxrbRvEGfK/5DU8:eouDnhZuQS8KadmVo2HWhxrbRv12U8
                                                                                                                                                                                                                        MD5:E908D7F2CB8BE99D0D691CC7DB05E502
                                                                                                                                                                                                                        SHA1:0ED31A11431614DD757C37961C721AD2283B0D0B
                                                                                                                                                                                                                        SHA-256:76AE3485BEAF660E3D8E4BF1CBE9CA70BDC631CA70606F053315DF080C09B392
                                                                                                                                                                                                                        SHA-512:1EA619EDE0463D1611643370D96059BFF7960A9AC88BD85B0DAA1664A32D190F01DC8F2719AC062E5F8D3738BA441BFD46C71DF621923549D0D4AA6AE97E52E4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.16.0.0</from>.. <to>7.17.0.0</to>.. <version>7.17.0.24</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>2n+vPViPM1uXDA26jt2oPw==</checksum>.. <checksum-sha1>JY79CClvWsYXZHhwD2gMDQBjv0I=</checksum-sha1>.. <referenceSchemaChecksum-sha1>SJ0y0p9qxx9son8fmqznI1xSurc=</referenceSchemaChecksum-sha1>.. <script>7L3rcttIkjD6fyLmHRDfxq6oHZFN6i73aMK0JLt1RnZrRbs9sXM2OkCiKGFNAVwAtKx9tfPjPNJ5..hZOZdUFdAVCm3J4LYmLaIqoSVVlZea+s/+//+X/7/WhSxVkSF0m0LFh8P12w3/+uZFUUZ2X6a7Za..LMooz37kv/3PKq9Y8muasKxK5ykr6ldf4ln1azzNi4r/dpv//nfpPHr5khVFXkR//FM0jKbsNs2i..Vcmiv1bsfplM/ytiWcLb/v53OJSfP9ycXfw6Ofvp4u34RXQ0GB0OhoMhvXs/vnlz8V5/d6Tefbg+..H7+/+PXm4j8+XN5cvL149/5FNL66+vnjr1eXv1wI4P++yYcgjhcVoODiS1pWaXYbvY8BeWXUW97F..MMXR9nN8tQVmNLub/nqWZ/P0djBeLhfpLK7SPCsbugiYoY6AyCT54T5P0vljNMsXq/us/P3v+EpW..BRAJrHtKK56w2SIuWPRyUrFllGZVdBod/EhUoAE/zz8sk7hi2KhHTbeh3YjTxu9/x76w2apieg+g..z6KqO

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.17.0.0-7.18.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):236722
                                                                                                                                                                                                                        Entropy (8bit):6.047006678095996
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:QUUGFifhoHelcr/bJ7FQwyn6cfXu6D+kYQgdiDWan:QUiI5DbJpQwynjfNJC2n
                                                                                                                                                                                                                        MD5:B51D16EC2C2BDCE391DB8CC21C631E60
                                                                                                                                                                                                                        SHA1:7257AB8CD97031B2CE3774E028211AAE1AC39176
                                                                                                                                                                                                                        SHA-256:9F2184382CA21313FDA6E8F234048FAC6018DB44D360108A02DC83E5FD9607BB
                                                                                                                                                                                                                        SHA-512:403D378B66A629E10B2E26DB1FB5FAE62F7CB9F4096F9AAF55B3838D8DC3E950BC0777710FCD6063857F95EB052492397AE40353968BD640CB6BFFFF343DF90C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.17.0.0</from>.. <to>7.18.0.0</to>.. <version>7.18.0.21</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>yXdWSuZwR24xX6yBWHBUcA==</checksum>.. <checksum-sha1>CEmK0Ws3F8tyNqhhqDZldALcAC0=</checksum-sha1>.. <referenceSchemaChecksum-sha1>Gfi8YL2PDLhRueZ9ksadEExZwPg=</referenceSchemaChecksum-sha1>.. <script>7X3rcuM4ku7/juh34D/bG6aKpCiJrG512GXXRTF18Vqu8sZMTHSAJGhzSiY1JFUu7audH+eRziuc..TAAkARCU5Oqq3pmIVez2lEEgiUsi88sLwP/3f/6vbVvLmuQJKRNrXVLyEK3ozz9VtLZIXmW/55vV..qrKK/Bde9s9NUdPk9yyheZ2lGS27R19JXP9OoqKsedld8fNPWWqdndGyLErr198sx4roXZZbm4pa..f6vpwzqJ/m7RPOF1f/4Ju/Lh4/XFy9+XF29evjt/bs1G7mzkjBz27Ob8+vXLG/lZ0D77eHV5fvPy..9+uX//lxcf3y3cv3N8+t87dvP9z+/nbx6aUg/h/f88conieJ9Z4+WsttXuTbh+pHvAbmsIj+QWFy..s+T4KL6Pfr8o8jS7G+E/P64TUtPbovxMy8UDuaOLPC3KB1JnRX50YmWVhQvI5/3nn2JY35paFe+t..9QRaFvyL1QdeqeloV1Vc+pLktUW/0ngDr4PWfADPnz/ljXUBLyx/f1EW8BSItozyZKb6zguC676q..gfVff

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.18.0.0-7.19.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):299470
                                                                                                                                                                                                                        Entropy (8bit):6.046544493455382
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:si0jedjb+x1zl0cZXCfNUybZElDNTyYOgpFwgajV4/pemU6IC6J:siQLJxZXkUytQNFHphiV4/pRNIJ
                                                                                                                                                                                                                        MD5:E117BC5741C42C39F03FE938299317DB
                                                                                                                                                                                                                        SHA1:A61860415ACDB7D83295D450539C1C16989B1DE0
                                                                                                                                                                                                                        SHA-256:5838DC34CD916B9C13BE3A6E02B0B21E39C8D106A38DDAE6A85AB1659FFADA7E
                                                                                                                                                                                                                        SHA-512:F4C93EEE6875B744B453C588F87ADBC73732F0F9B69EE88F626F15CC8FCFC0F19D215C755C35194A4E2819A577B3203F1CF92D8E31E04A70918E64189247ED46
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.18.0.0</from>.. <to>7.19.0.0</to>.. <version>7.19.1.30</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>ghHipWWsMUbgsXW3rL6Fvg==</checksum>.. <checksum-sha1>/L6IGra+t2eluQEPetujpZsCwig=</checksum-sha1>.. <referenceSchemaChecksum-sha1>cWd0fa1wH8z7yQJiTATkWFmv9Tg=</referenceSchemaChecksum-sha1>.. <script>7L3pcttYkjD6vyP6HRB3YkZUN0VLrqV77GKFVFrKmvKiK8rljm9iwgGRkIQ2CbABUDL71e6P+0j3..FW4uZ18AUJZsV08hOqot4pzEWfLkyT3/v//n/93ZSSZNWszSapYsqyxdXM6zP/6hzpokLer8fbGa..z+ukLJ7zb/9YlU02e5/PsqLJr/Ks0q8+ptPmfXpZVg3/dl3+8Q/5VbK/n1VVWSU//JjsJpfZdV4k..qzpL/rvJFsvZ5f8kWTHjtn/8Aw7lzdvzw+P3k8MXx68OniV/Ge39dbQ72qV3FwfnPx9fmO/+U717..e3Z0cHH8/vz4/357en786vj1xbPk4OXLN+/evzz99VgA/9NDPgTxYDZLXmd3yWRdlMV6UT/GZ2AN..y8u/Z7C4+WywNb25fH9YFlf59Yj+OU/zxUX5a141q3Q+yWdb20leJ7hrvNh//MMUNrXJkpqHmHQB..SK5gs/ANYEWTjbz3uLNVWjRJ9jGbrgBwWYjxPXvWCbspAXT1/qeq/JBVAElt/iaI0rogx8VqkVUw..8kk2h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.19.0.0-7.20.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):264712
                                                                                                                                                                                                                        Entropy (8bit):6.046723748347116
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:3PYekck3mnmlcjn2nptKpW15WCBAFwmIND2yT6hAIeR8+0HD:3PY2k3mnZ8tKarBAeXCAlR8vD
                                                                                                                                                                                                                        MD5:C9B8657D001B4E398611859AB788763E
                                                                                                                                                                                                                        SHA1:9BF6D99DFEAA104519B9962683D0DD5BB9DD6680
                                                                                                                                                                                                                        SHA-256:B02699D93C6D5B5AFAE79031C10E8DB09E8EB370E7094F9287441DB86634C418
                                                                                                                                                                                                                        SHA-512:CD512FCB5E3EC7B2FC91703928CEB44D016E0C8B05DF32A32D1FEC79F7A5DFF0462ED177A9693C880A16901A2514F5FF76F4ADA2F10CBF20423C2ABA0A0183B6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.19.0.0</from>.. <to>7.20.0.0</to>.. <version>7.20.0.59</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>8uAAHAklLDuEBz3+vGIviw==</checksum>.. <checksum-sha1>uxzYSIF/aUcU9iLz56A9HC/mOk0=</checksum-sha1>.. <referenceSchemaChecksum-sha1>fNUmG2yZoCe6Rf9wteYoIasJClg=</referenceSchemaChecksum-sha1>.. <script>7L3bctw4sij63hH9D4xY+yyX1lKV635pj2ZbLtlu7fZFWyW3d0yfCQeKREkcV5E1JMuy5tfOw/mk..8wsnExcSAAGSJUu23OOKiWmLABJAIjORmUgk/r//5/9tt71FRqKAJIG3TSjZLNf0559SmnkkSsMP..0W69Tr04esK//XMXZzT4EAY0ysJVSJOi6DPxsw9kGScZ/3YZ//xTuPKePqVJEifeX/7qdb0lvQwj..b5dS74+MbrbB8u8ejQJe9+efcChv353Pn39YzH99/vr4F2/S6c063U6XlV0cn798fqGU9bt52buz..k+OL5x/On//vd6fnz18/f3Pxi3f86tXb9x9enf7+XAD/r7v8MYjHQeC9odfe4iaKo5tNeh/dAA7j..5T8oIDcMWo/8q+WHeRytwssO/vMlzc7idejfXAA61ySj6aMDL0w9XDaO7Z9/8mFVM+qlfIxeLQRv..Bcul1CrXwNVNSJR59DP1dwA7jsQYf/mlHnwWA/Tkw7Mk/kgTAJVTwD7UUomV0/Q4ujmLr2ly7Gdh..HD3bp

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.20.0.0-7.21.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):334617
                                                                                                                                                                                                                        Entropy (8bit):6.046490018331806
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:DADiSOSvntOb9XCB+DRMibAv+fSbepiHjBziuXYCyXRxCCnkyU7XKGR:DADiZSP8s+DmibhaepidXXYCQxYXKGR
                                                                                                                                                                                                                        MD5:AA199CB98CE35842561A848ACB7A8D08
                                                                                                                                                                                                                        SHA1:0E28267E0453AB560C333A4590D723E1847E25E1
                                                                                                                                                                                                                        SHA-256:586F52DCE98F146E9F4547EA49AD8A296EB4227FBDB4619A74A08A919590FA38
                                                                                                                                                                                                                        SHA-512:155272235CE18FC83C4E0C1FB75C8B0A0D1C4A6B7B3AA5B579FADA846703DDE7AD7547FEFA19C4B935A20B64367709DDA4A536634F426B0CF72300E47DF3C4A2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.20.0.0</from>.. <to>7.21.0.0</to>.. <version>7.21.0.107</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>8d/HzniB/AjqU1xV7xaADg==</checksum>.. <checksum-sha1>gnQ7K6QR9VM9N4qWYRQflkUPRKw=</checksum-sha1>.. <referenceSchemaChecksum-sha1>17pNGGwSQlwI9X8QOUyDejKReJI=</referenceSchemaChecksum-sha1>.. <script>7L3pchtXlgb43xF+h4yp6SJQBUKkFrtbMh2iScnmWFsTlNXRFRWKJJAgswRkojITpFA/5sXmxzzS..vMKc5e5LIsFNtEvobrcI3Dx513PP+p3/7//5f7e3k1GTFpO0miSLKkvnp7Ps22/qrEnSos4/FsvZ..rE7K4hl/989l2WSTj/kkK5p8mmeV/ulzOm4+pqdl1fB3Z+W33+TT5PnzrKrKKvnhx2QnOc3O8iJZ..1lnytyabLyanf0+yYsJtv/0Gu/L2/fHBi4+jg19evN5/mnw/fLgzhP+h3072j39+cWL+tqt+e//u..cP/kxcfjF//9/uj4xesXb06eJvuvXr398PHV0W8vBPG/3OSHKO5PJsmb7DIZrYqyWM3r23gNzGF5..+o8MJjef9LbG56cfD8pimp8N+Z/Lojms0rzIJseT+mgyy96V5ex1Oj6Hr+qXZXWY1Z+acvFzVS4X..W/0krxNcUl6Jb78Zw4o3WVJz/5NrUU+msMz4GOynJhtu9jBumCotmiT7nI2X0KWyEMN++vR6vWpK..6FT1

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.21.0.0-7.22.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):345114
                                                                                                                                                                                                                        Entropy (8bit):6.04640728817737
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:i7FB7mdryfgJ1YS8QmAAYt/8foj28L4XD/OoBpChVZi6BsNig3LRLOVbdb4:i7Od24J158QfFqYLk/OoWBs8Sgb4
                                                                                                                                                                                                                        MD5:57B9F175AC06188D83C2AEDC074464CF
                                                                                                                                                                                                                        SHA1:DC38100F10A21B2DF610BBDB5EF73ACBAAC26024
                                                                                                                                                                                                                        SHA-256:B057727CA7FC859B7B1D4BAC94BD6E3468157B123F2BF7413929FA94158E5C3F
                                                                                                                                                                                                                        SHA-512:BCE5D0E23562B8D706F7228035E5D29D59168D13EE6ED576A03EDE0EE16A1F33E0C66C3090A64F826C9D94B06AC25AD32687651FCD8611C7EA96BD0CED7AD518
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.21.0.0</from>.. <to>7.22.0.0</to>.. <version>7.22.0.12</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>kpr0PDzN9ijQ1hi8ZqxhSw==</checksum>.. <checksum-sha1>uj8cPnCl4oRFfvf44XKz9Q+MWuo=</checksum-sha1>.. <referenceSchemaChecksum-sha1>OZyWte3weCkCU50O5opVLU/lnlI=</referenceSchemaChecksum-sha1>.. <script>7L3ZchtZdij63hH9Dxn29SHYTUGiamhb1XSIRUpVPKWBR6RKDjscFUkgQWYLzISRCVL0r52H+0n3..F+4a9rzXzkyQoMRqC2F3icDOlXtYe83D//d//99Hj7KTNq+m+XKaLZZFfnk2L/74h6Zos7xqyt+q..1XzeZHX1A3/3X6u6Laa/ldOiastZWSztT5/ySftbflYvW/7uvP7jH8pZ9vx5sVzWy+yv/5o9yc6K..87LKVk2R/UdbXC6mZ/+ZFdWUx/7xDziVt+/fHbz47eTg5xev959lfxk/3R0/GT+h30733/304tT9..7an57f3x4f7pi9/evfg/74/evXj94s3ps2z/1au3H357dfTrCwX8T5v8EMT96TR7U1xnJzdVXd1c..NvfxGtjD+uxvBWxuOR1tTS7Ofjuoq1l5PsZ/7jdNeV6d5uen9UHe5vP6fGs7K5sMj413+49/mMCp..tkXW8ByzXgjZDI7LGRWPwNNd5lWbFZ+KyQpg15Wa47Nn/eDbGqAvf/txWX8slgDKYMA62NK5K4dF..rl/7c

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.22.0.0-7.23.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):309538
                                                                                                                                                                                                                        Entropy (8bit):6.047296567859325
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:g86wpFJwHn0VzhPvvNonxGsNVVTqo3L48MhjJ5ZBdPcPlaV:g+vg0DFonAuwb1PtV
                                                                                                                                                                                                                        MD5:8DD2AA866D06DD4A14861BF496D7D2E7
                                                                                                                                                                                                                        SHA1:05971589978492D6C8413DA7FD56AA8B2CF10341
                                                                                                                                                                                                                        SHA-256:C6AC2A1EF850531B4145ABE58AC83B6BA04F3F43C92C5BA9132CA87AF687D0DF
                                                                                                                                                                                                                        SHA-512:29FA9DE1B4AE9CE9842795955B107569C9F992026BB5D361A3B1157AADFD5F80439ECA1541C72F8B87992DA3C03F33D24FF398C1AE058AF3E7F3AF3FEFBDC5D8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.22.0.0</from>.. <to>7.23.0.0</to>.. <version>7.23.0.10</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>OGVkkOtuY661BM97kdTQLg==</checksum>.. <checksum-sha1>H3dkl1fsEsmDiPku+j5tjIL/jqQ=</checksum-sha1>.. <checksum-sha512>bUu1/yVmp3E/tlX82qCWiRsBpNDgrvLBBsMUOutEw1eKZAkuqpPDPpxFyzKYY7tWntJ5lVJ1J/4ghNQhmHPvdQ==</checksum-sha512>.. <referenceSchemaChecksum-sha1>n1rg5I7+hzVj1AuXb7M4yHqmG1E=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>Ue10DsmMHJVf5YeiQ2+ljeX2eDjOs7CY4p7qtZvoP3vIoNLR9Fr/+moRIZ2j12TAWXcXIvKEFshjvdHRN49hYA==</referenceSchemaChecksum-sha512>.. <script>7L3bchvXtSj6nqr8Q9fatUMgAWFSsuN9JNMlmKRkbuvCRVBW6qRSribQJDsCupHuhijmYf/YeTif..dH7hjMu8X7obJCjLjlBrOSIw55i3Mccc9/H//T//7+5uMm3SYp5W82RVZenyYpH98Q911iRpUee/..FOvFok7K4il/96912WTzX/J5VjT5ZZ5V+qeP6az5Jb0oq4a/uyr/+If8Mnn2LKuqskq++z7ZSy6y..q7xI1nWW/L3Jlqv5xT+SrJhz2z/+Aafy5

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.23.0.0-7.24.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):274368
                                                                                                                                                                                                                        Entropy (8bit):6.047372928247855
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:kRu7D2fpukvPpN+y5EBPCppyfZgnEP6UCS49VqjjKKpQgU:euWf06PPVw6SfZkE4S49VSKOQgU
                                                                                                                                                                                                                        MD5:B969037D60A7BE415CE0B00EEC2E6945
                                                                                                                                                                                                                        SHA1:5D51371B26F3FE572BA2F98E057E2B16A4E9D002
                                                                                                                                                                                                                        SHA-256:30FED8F5DDDD108E61D795E358132E66E303293D682EF9885934F62873A8BB5B
                                                                                                                                                                                                                        SHA-512:758FC6E526215E802246F0CA33633FA42C8C5FF154ECB90559855E35856FBB80F64D6CDA7C1A42C7BDEE1208C8F0806F61233D08AFB18FFA96E562B0879A178A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.23.0.0</from>.. <to>7.24.0.0</to>.. <version>7.24.0.52</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>YT5vC9ao0eXiJoKdyXG//w==</checksum>.. <checksum-sha1>4RJy8BnCGQqrKIc8wfJYiastvik=</checksum-sha1>.. <checksum-sha512>4Zh+Zbx5AtPCfreh2G90VO7MK4GuK4M0Nr/5HsaLD/zx/wwYMJqA1FnZt4zqXZQGlYcyDUmN3j8mfWf5PkLQmA==</checksum-sha512>.. <referenceSchemaChecksum-sha1>rhyJZXEriHmESgjOqrIg6Ou8LEk=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>0t5zucQHa59Y9s+L57Epg/TqoQxaCEQUVy9A3D0xtRXQhe/jbN/xihcmgOWztxzgKgmoW5pAqCCQreFaHevXLw==</referenceSchemaChecksum-sha512>.. <script>7L1rc9tIkij6vSP6PyDORhxRe0Q1X3qwPZprWZLdOiPbOpbd3ti5Ex0gUJQwJgEuAVrW/LX74f6k..+xduZtYD9QRAWeqd2R3ERI9FVGUVqrLyXZn/3//z//b70U0V52m8TqPVmsXL2YL9+EPJqijOy+y3..fLNYlFGRv+C//cemqFj6W5ayvMrmGVvXr77FSfVbPCvWFf/ttvjxh2wevXzJ1utiHf3hj9EgmrHb..LI82JYv+XLHlKp39JWJ5ytv++ANO5f2nD

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.24.0.0-7.25.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):690300
                                                                                                                                                                                                                        Entropy (8bit):6.045540180271806
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:UWRsEDd0vPowgz5Vv3Kk/mg9dNwlzSe9DLHKKFlQKWxMjvReUJm5ppCOzvj:RsrYJP15dil7DOKFaKWxMjk5ppCOzr
                                                                                                                                                                                                                        MD5:0C7E7C6463C7768ECAD0FAD9FAEAA665
                                                                                                                                                                                                                        SHA1:6C8D2166BB00BC8F3FA07F11B77CE9DB63F77BE8
                                                                                                                                                                                                                        SHA-256:BB23D5B89462D07A345F54F1BA7A8AB2A4CCC6AA23D3D18BB22C946CF3572F70
                                                                                                                                                                                                                        SHA-512:F463BB5BD95CB0FF82A2168E409DF5B6D3AD1A95E587AD252F8798937C2E2EDE2EBD865606BB4F2E02CD1F78B3A0B5647B1263BFE2034BF8A51C355AE190E805
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.24.0.0</from>.. <to>7.25.0.0</to>.. <version>7.25.100.1971</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>8rqBmZPqnF9wuPZWJNXzRg==</checksum>.. <checksum-sha1>fY02PwdTHMAXb2Wxn/7aBtxjMh8=</checksum-sha1>.. <checksum-sha512>K0vx3KpKQwAuwk65H/YyiVITZEh/QBttxWXcu0omf1Eo+Wa0J3CtXBY9B8SskgSB3Y546TVXeo80tWyLQD2gPg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>cJRwT+v8TwC0tQ2OasBJKKFD0KE=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>Ihob9B3IcEJmc+bbUWgtuT0wxJfTKIxaN34qXor23nIYukKVDtV8yIQZykMdRsXPa7iq9mSaugn/smz7dB8c7Q==</referenceSchemaChecksum-sha512>.. <script>7L1rc9tIkij6vSP6PyAmdldkN0VL7teMbfWxWrJsnbZsrSS3N2ZijgMiQAljEOAAoB4d55/dD/cn..3b9wM7MeqCcAUqQethC7PRZRlajKysp3Zf1//8//u74eHFdhFoVFFEyLOJycpvG335RxFYRZmXzK..ZmlaBnn2nP3271lexdGnJIqzKhkncVG/ugpH1afwNC8q9ttZ/u03yTh4+TIuirwIXvwabASn8VmS..BbMyDv5RxZNpdPrPIM4i1vbbb3Ao7

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.24.2000.0-7.24.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):249416
                                                                                                                                                                                                                        Entropy (8bit):6.0475650133998275
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:L62VffpukvPpN+y5EBPCppyfZgnEP6UCS49VqjjKKpQgU:L6off06PPVw6SfZkE4S49VSKOQgU
                                                                                                                                                                                                                        MD5:523197AA213A0D30261365199B046E54
                                                                                                                                                                                                                        SHA1:7455023B7B52CAAFC9074B6F0F7B0BDE2FA7D9E4
                                                                                                                                                                                                                        SHA-256:FAD9E3C401E3520683B6F9F8B6FAC94DA990D47ED8092AC03F6F79884D275C17
                                                                                                                                                                                                                        SHA-512:70E79B9DBCF362909134CC2707E7D96AD9420A0749C2B188E632D3081917705C80250F31FBDC56AB8A86A97C55EF9382F1F015E1BE2272B03D4A97BE68D347A6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.24.2000.0</from>.. <to>7.24.0.0</to>.. <version>7.24.4000.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>PB2WZ+5SAZC4bLs728oJsQ==</checksum>.. <checksum-sha1>lC/YILFQnS4+78ZJx3KKKuHF0uM=</checksum-sha1>.. <checksum-sha512>2Q3bTQxZiA5/O59O167SF4VZ3phv2npNVkBm/Rd/l1E5Ipc8o5zzCUvgpAuVGtIifLQHAzlQkHXWpK/6QGvSbA==</checksum-sha512>.. <referenceSchemaChecksum-sha1>rhyJZXEriHmESgjOqrIg6Ou8LEk=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>0t5zucQHa59Y9s+L57Epg/TqoQxaCEQUVy9A3D0xtRXQhe/jbN/xihcmgOWztxzgKgmoW5pAqCCQreFaHevXLw==</referenceSchemaChecksum-sha512>.. <script>5X3rctw4sub/juh34D9JJ0Q175fx8YTVktytbbutteTuiZ2YcIAEKHFcVawhWZJ1Xm1/7CPtK+yX..AMkCWawSS7Z7+sQqZtwSiUwAibwjAf7f//1/TNO4rtmCs5Iby1KweTIT339Xidpgiyr/uFjNZpVR..LF6oZ/9aFbXgH3MuFnWe5aJcv/rM0vojS4qyVs9ui++/yzPj1StRlkVp/OdfDctIxG2+MFaVMP5e..i/mSJ/8wxIKrtt9/R0N59+H92cXH6

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.24.3000.0-7.24.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):256312
                                                                                                                                                                                                                        Entropy (8bit):6.0474773140725535
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:xpf4KfpukvPpN+y5EBPCppyfZgnEP6UCS49VqjjKKpQgU:jAKf06PPVw6SfZkE4S49VSKOQgU
                                                                                                                                                                                                                        MD5:1736F80D3F547B5A7D7E09A4074A3B1C
                                                                                                                                                                                                                        SHA1:02C949C38B0E07C85EE5222C36ECD42B40699F83
                                                                                                                                                                                                                        SHA-256:9AF9897607A291BCD3A0C71722A7D4A10BA1C6C8DE2A9DF13E01EEFA14E3F9E4
                                                                                                                                                                                                                        SHA-512:931DD9548886A2F1E2D6ECF63269EB0BED6D6045811E932BE52F397A29E93F9EE08BECBC493114FB2179739680F500DA7145D7CB5F1AACFE2AA36DB71E610958
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.24.3000.0</from>.. <to>7.24.0.0</to>.. <version>7.24.4000.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>OMHAo4yrwqEcCUt5EU9FOw==</checksum>.. <checksum-sha1>SWSkB6VmgbYW+OmjyQC0N5d8xjc=</checksum-sha1>.. <checksum-sha512>6cqkwIxpiGBoQqwx6goMrgPaPorSPL8+T0039causRSmE5JjN7KLrZ8EXzY3h2qVz7VZ6NLXIVRS32ob5Dh30w==</checksum-sha512>.. <referenceSchemaChecksum-sha1>rhyJZXEriHmESgjOqrIg6Ou8LEk=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>0t5zucQHa59Y9s+L57Epg/TqoQxaCEQUVy9A3D0xtRXQhe/jbN/xihcmgOWztxzgKgmoW5pAqCCQreFaHevXLw==</referenceSchemaChecksum-sha512>.. <script>7X1rc9xGkuD3ifB/QMRFLJsbBI1XNxrWakI0Kdk8SzJXpKyJdUw4CqgCiVF3o7fRLYr71+7D/aT7..C5eZVQVU4dFE05LHG3eMGZnsrsp65bsys/7P//rfrutcb9mKsw131hvBlulCfPOXSmwdtqqK31a7..xaJyytUz+dl/7sqt4L8VXKy2RV6ITfPVZ5Ztf2NpudnKz27Lb/5S5M6LF2KzKTfOv/3V8ZxU3BYr..Z1cJ59etWK55+ndHrLhs+81fcCo/v

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.25.0.0-7.26.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):271510
                                                                                                                                                                                                                        Entropy (8bit):6.0467227156129155
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:BZSiQQXEPhWRX2CC8fz9bEaKVu+nOQbSoBHBB:7SizXEP0t2CCk+38+nOQmoBBB
                                                                                                                                                                                                                        MD5:36C81225A37959D864E575AEB86D3685
                                                                                                                                                                                                                        SHA1:DDC699C2FBC67B09C6FB4199FB48E6C7321B8E6D
                                                                                                                                                                                                                        SHA-256:45BEE72D3B20D4DA9F549C3D9DDEC8C2A9EF3B13366D9896242E2B02ACAFE5F8
                                                                                                                                                                                                                        SHA-512:3E0FABEE619705AB6547747ECC2A99B99C18D517A24BB02C4E31CF904B7EE7E89B3C52680E46F8E3FAFA6FBCBD2AF90A4DE1693A25EF8951EA56B0DDFC888326
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.25.0.0</from>.. <to>7.26.0.0</to>.. <version>7.26.0.17</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>ltxW0rYUVTjqBUhtsHyulQ==</checksum>.. <checksum-sha1>rlGqOVdU4I/5qQQcWgCTiHo1GoA=</checksum-sha1>.. <checksum-sha512>F46GTvEPwHQIx5DqxeMB/UbtMH1PIg9Oyi4jm17R2o63GR/w0sz9jtTyoKGaIZnzipxlHq9mthIK6TZ65k7obQ==</checksum-sha512>.. <referenceSchemaChecksum-sha1>lrhcR/Ckhv5F9espXUVBSebPFlI=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>Sgtl5w0Tj97Z6XFRpjotQ1DgRpfb35DZ9RQ6qnGgtMy6G9hr0sXYPveoJyew2vFlcX2sKWn969H8U+dEiIjNfg==</referenceSchemaChecksum-sha512>.. <script>7b3bctw6kij63hH9D9wvY+kclUyyWLflrQnLkr2WzvJF2/Jl4nR0rABJUOK4VKwpsiRrfm0/7E86..v3AyEwAJgCCLJdurPR1TEd1LJoEkLom8Z+L/+9//ZzTyriq2Stkm9dYbzm7jJf/rX0peeWxV5n+s..tstl6RWrZ+LZf2yLiqd/5ClfVXmW803z6itLqj9YXGwq8ey6+Otf8sx7/pxvNsXG+5//6vlezK/z..lbctufe3it+u0/jvHl+lou1f/4JDeffx/

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.26.0.0-7.27.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):341502
                                                                                                                                                                                                                        Entropy (8bit):6.046410305202391
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Z2n3IDqy+iJuBfarfNi+MD+mfFgh7YSkqfPihjzPolDkziA2voUOME:k3CbtJR78p3qpYSFUz4RK
                                                                                                                                                                                                                        MD5:BA7E21073CBB4A0F98B8F083E3DF4FDE
                                                                                                                                                                                                                        SHA1:4BEA1660C4C993929150129295EB0DEC0C7C2A23
                                                                                                                                                                                                                        SHA-256:FA4C70246ADE9DA7198F1D44A6CEBC0159B86624010DEE9C700C4E3CE01D6E9D
                                                                                                                                                                                                                        SHA-512:1DD8B00AA4BC43B00FCC7FC3262D347E2C8EDDEC4301443A8D6E9F43E193EE134526695442BC7400F5848EB6704771C58BB2159BAFBE204578B8B2EA9F142E4E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.26.0.0</from>.. <to>7.27.0.0</to>.. <version>7.27.0.25</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>TYhlYfTuHhOHszRLaAFoiw==</checksum>.. <checksum-sha1>+KWh79JZHnucA9kpZTKw6tM3rlU=</checksum-sha1>.. <checksum-sha512>XgLrpxP4gKgrrdJjHSt3NLPex9bJ2atbwLUbScn7pRsbjVljStQactbtbjS0stmtHv3AgZYl2+QnzxrEexbuhg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>6LIzLZT/9GpO3rzYMS5sVgczlEY=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>AmvbtLpLt0XsmvBhszEDk6T8ArsEp86wMbEG2CvCxtwx6TECPoKukLnYUjTbLw/n8evCqbw0Oq+40hlUF5DGtQ==</referenceSchemaChecksum-sha512>.. <script>7L3pcttIti76vyLqHRDnxG1RvSmV5Jr62K0OyZJdpVMetDWUOu6ODgdEghK2SYANgJLVr3Z+nEe6..r3DXkPMAgNRgudqM6C6LzFxI5LByjd/6//7P/93YSE6atBin1TiZV1k6u5hm335TZ02SFnX+oVhM..p3VSFi/4u38uyiYbf8jHWdHkkzyr9E+f0lHzIb0oq4a/uyy//SafJLu7WVWVVfLXvyVbyUV2mRfJ..os6S/2qy2Xx88Y8kK8bc9ttvcCjvz473X

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.27.0.0-7.28.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):357974
                                                                                                                                                                                                                        Entropy (8bit):6.046260726227256
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:9jsWvNdBouYErGNtQaMSkmUiGIKziG8dXDXQZBHa32Y7mrD5lJ4iDnD9dTK7I:9j3vNIRErGNSrSkmxKzi1XDX2BiyrVV/
                                                                                                                                                                                                                        MD5:2334F540E8BEF610ED4BFB2563647F69
                                                                                                                                                                                                                        SHA1:497A1A02907FA71E585E30FFE51BDD23630A66CF
                                                                                                                                                                                                                        SHA-256:81487FD196BCDF192924909436D08CE39D1851319713BE16A60CA937D0860146
                                                                                                                                                                                                                        SHA-512:A1D30E983A1BAC068283982884E3ED37D2CF3F5773FE493FBBFC47820A57283AB0E35FAA89206AB16012A5B9936B3EA9D134CEE9F5CD6B796844047DCA46E30D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.27.0.0</from>.. <to>7.28.0.0</to>.. <version>7.28.0.2852</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>nSiTi5RwNxddjI/v3vEG5g==</checksum>.. <checksum-sha1>9llwf9xN3xMT9rBkL/bKMT6xsMA=</checksum-sha1>.. <checksum-sha512>mslYMc00Krzr+q2KDHA16G23EJuLlXuWl3tnOMmHVjzrXUSed6caZdNrXKn5VzyYB3TF1QVPdImRfU+xPlJERg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>Gyv7qPd0bbb5Ra0MNFsrkTxoRS4=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>k0bYrb+a5ZSBSA1N0/F3cZ3QPlwopgHRJn5uEVsL+AR0sbPMufkNESxpXygs9Tly4R+Q3UCEr7ew6Q1zsjWh6g==</referenceSchemaChecksum-sha512>.. <script>7L3rcttIli76vyP6HfBjzpiaoWTJrsuM3eoolWRXaZcvGsu2JvaOHQ6IBCWMSYANgFapX23/OI90..XuGsW94zAVCW3a7Ywx9VFpm5kMjLynX91v/3f/7f3d3svMured7Ms3VT5KvLZfHnP7VFl+VVW36o..Nstlm9XVU/7ub5u6K+YfynlRdeWiLBrz0+/5rPuQX9ZNx99d1X/+U7nIfvqpaJq6yf7y12w/uyyu..yirbtEX2v7pitZ5f/u+sqObc9s9/wqG

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.28.0.0-7.29.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):391006
                                                                                                                                                                                                                        Entropy (8bit):6.046085288618163
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:XJLSpV4QDm+Z1N++fLPaHvYXS2OxaLrV934MVLzBgxKMqBt+i+p5Ty1HiIMLNOSA:XJLSMQRhpPaPYEanoMLFgjqqi+pRy1HH
                                                                                                                                                                                                                        MD5:734C174075F47990EC88B33C9299EA83
                                                                                                                                                                                                                        SHA1:E501DDBD1EA599B71F033129FB0B963DCE2F28FC
                                                                                                                                                                                                                        SHA-256:00EF1DBA485034BBBEB3B5DD641AD9DCEA8315469746017682629D2935A30452
                                                                                                                                                                                                                        SHA-512:CB33A97DE93054B8D558157C50E98BB6D6B7407188C70100E309E1AE8101769DAD7C2F5B4E80133C3C64F3EFA10B48AD996E5EF016FDC66682AE10E6438A794B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.28.0.0</from>.. <to>7.29.0.0</to>.. <version>7.29.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>WL/46ALzyFcIIv/AMe/fIw==</checksum>.. <checksum-sha1>qwT2JTYQC+6yDP9ArWPImIV7erg=</checksum-sha1>.. <checksum-sha512>26kU/JYDTXJ+gwZFETVNIUQXII0WCkdBDClv0BDetKxgj8BjHkqNcIgvGIY81IXG4Hp7CCsQ3s/74kF76MqTmw==</checksum-sha512>.. <referenceSchemaChecksum-sha1>BcMn3NRlpvMUr0QdWWMzHMsuOd8=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>1Pc0uZGCDoa9WG0QHOzXmtDHBhLFws41jbs1ruvR43EAMtzQexCpP/R/4RM0hFvX3zHqim/YVO28exiE8/ioOQ==</referenceSchemaChecksum-sha512>.. <script>7L3rchs5si76fyLmHers2LFE9ZJpyd09F3vUYTUl29pt2Vqi3JqzJiYUJRYk1XKxilNVlMx5tfPj..PNJ5hZOZuBSAQt0okqYkMiamLRJI3BJfXpBI/H//z//74oU3zP048NPAm6TMH19F7I9/yFju+XEW..XsbTKMq8JH7Dv/vXNMlZcBkGLM7D65ClxU/f/FF+6V8lac6/u0n++Ifw2nv7lqVpknp/+8Xb9a7Y..TRh704x5/8jZeBJc/dNjccDL/vEP2JXPX84

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.29.0.0-7.30.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):450524
                                                                                                                                                                                                                        Entropy (8bit):6.045920738847732
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:wZLObj0v7mJoYU5VoRTShd6IsgzTeNb+HROrn2Hz:w1WCroRXQun4
                                                                                                                                                                                                                        MD5:F300087D0596EC8D164C095B56AE7019
                                                                                                                                                                                                                        SHA1:413180451750D3E13DD5FEB009F15FD6BB71E4A0
                                                                                                                                                                                                                        SHA-256:99665C834DF6F93FD4D577FF4132A7F5D69A02975D3C6CBB5AC82597B3E70984
                                                                                                                                                                                                                        SHA-512:ED0E5E8E544DB6E8BEF7B12537DD2338134D8C71C78C478E1941905E63FD3AD84730182CE08291AA2F3B8E7573A668828ED506DFC57D18D1A488A00944FE6C69
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.29.0.0</from>.. <to>7.30.0.0</to>.. <version>7.30.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>nxLHjGASMutV1jRmZ6W2MA==</checksum>.. <checksum-sha1>vpjFlNYAQCQGGNsOkJjGp9gQxDM=</checksum-sha1>.. <checksum-sha512>8FcQgQsg8ErADoN0PYz3EO1qdwD71HMMv8379LztGCY8U+OlznaiRXhXpenpb0HmsDM1zP1/f+Xk1gjxd6CNyg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>1l4+yiQslXCwqluRMNze90pF0SM=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>634ArQDZSqFSvnIvSSi61F4GniGIBPRUThoT9MdWkIefWuWN7XFj4qZaKZtKN2GN8Y/VvHi494EktE29B4uI2Q==</referenceSchemaChecksum-sha512>.. <script>7L3pcttItjD4vyP6HTAxM1dkN0VLclV1t12qsKylrK8tW1eUyzW3osIfRIASrkmADYCS1T++F5sf..80jzCnOWzESuAKitXD3N6MUiM09uJ89+Tv6///f/s7kZTeo4T+IyiZZlGi8u5ukf/1CldRTnVfYp..X83nVVTkL/m7f6yKOk0+ZUma19ksS8vmpy/xtP4UXxRlzd9dFn/8QzaLXr1Ky7Ioo+9/iLaii/Qy..y6NVlUa/1OlimVz8GqV5wm3/+AecyvsPZ/u

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.30.0.0-7.31.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):360234
                                                                                                                                                                                                                        Entropy (8bit):6.046073671518099
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:tgJR4J8xT9uY5zpaDV3HvI72D1p5A6DXvlq9nQwSOeCr3qOcmTh3FR:iD9uY5laDFI72rq6Nq9sPCr3VThb
                                                                                                                                                                                                                        MD5:BF7213298BAC44FA3F16103C0BD6082A
                                                                                                                                                                                                                        SHA1:54111F4835D50C439DF49758839FD12E94C2F3F5
                                                                                                                                                                                                                        SHA-256:914DA8F46D0DA66AB48ED7FC51A7A8C855553EF7B8A547A76FDAE9B4D3B46D69
                                                                                                                                                                                                                        SHA-512:4DBFDF5902DDCEF5CAFB8EC73E92FBB3A75C94D4D51BF8B33EE22B23902BDAB36D3AA852D64DA1FC699B3C5C39AA78386CA486F399B88190797062A0820E3F04
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.30.0.0</from>.. <to>7.31.0.0</to>.. <version>7.31.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>E6S8fN1H90ODvTK24BMYoA==</checksum>.. <checksum-sha1>SEDqsgTJbkzlzHIxBXetPBWSG1w=</checksum-sha1>.. <checksum-sha512>ALgSkhlpqKQN5Vw+T5qIPBYh0b7pJx1mudcQaTLwAAxcNGVxz+dpQaGCaOsMZiHX9Eu14YFX1GsRpStIAMxPpg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>C/T3ns4NsC4wSky3OEbT+04sJF4=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>38lvkz6hWOyCXNAiaWDnnZbRFYF8CGUp5eLhFDVafBgsqWyT+7fdX8rcDzp623whx2V6pqoXBVvi8cT4SWrYxQ==</referenceSchemaChecksum-sha512>.. <script>7L3tchtHkij6fyLmHfpE7D0EZ0GIlGyPxzIdokBR4rEocQnKmhhfh6KJLpA9Arox3Q1S2Fe7P+4j..3Ve4mVnfX40GCVL0rHHOesTuquyqrMqszKz8+P/+n/93ZycZNWmRpVWWzCuWzi6m7M9/qlmTpEWd..fyoW02mdlMVz/uxfi7Jh2ac8Y0WTT3JW6Vdf0nHzKb0oq4Y/uyz//Kd8krx4waqqrJIff0p2kwt2..mRfJombJrw2bzbOL3xJWZLztn/+EQ3n/4Wz

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.31.0.0-7.32.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):404989
                                                                                                                                                                                                                        Entropy (8bit):6.045763680099981
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Pw89IsNqX0Ch2L4PY52mRmUmrkSQSjNOw5eM3S6DC4vEP/6RcCapbzabT4v1CId:vIa60g2MgVmUUp3SSEY2bza34vpd
                                                                                                                                                                                                                        MD5:977310AF8DDD3E2F7D0320B66CF003D7
                                                                                                                                                                                                                        SHA1:DA49D3994E0A75774AB5199DBB439110DA39A810
                                                                                                                                                                                                                        SHA-256:25FCFD3722D43BF8CD2946715BE0B44A478FFDFFBCD83937D42007F22496DF8D
                                                                                                                                                                                                                        SHA-512:DF0E59D22E41FAA7B3EEEA26ECF9D8FA79555F48E58F28C43AA19B31C76062966CB2577B45D9B407272BD5E8CE7E418CE1DD008A402D46BBC59CF853A7A769F1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.31.0.0</from>.. <to>7.32.0.0</to>.. <version>7.32.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>jvdiK4JVoHNepNMzshWqxQ==</checksum>.. <checksum-sha1>N3LimqwOh0xVKf683q/YlAJKfhI=</checksum-sha1>.. <checksum-sha512>L4lTQ0+ROKp6Em+u3oVdaAikrJkMoPL1DyDsyDw2aC/CZvUpxWNsUOQ2pjUHaPjCwHMzg05Gcs2ZY3DINGdeAA==</checksum-sha512>.. <referenceSchemaChecksum-sha1>V/P1H6TRZn72WhTiwxJM3+2zTAM=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>uLM6MvbsYWARI87Nv49kCJqeOCzOow1DCtPsmjgUdB4Sdmc/KwnoVXht60+lJi8dxb+5Xj9n2E3XCFfr7vtyiQ==</referenceSchemaChecksum-sha512>.. <script>7L3pchtXljD4vyLqHXI6vmkCVSBEynZVtWU6RHGx2dbCJiizoh0OfUkgQWYJyERnJkShOmZebH7M..I80rzFnuviQS3CS7ldFdFpH3nrzLueee/fx//8//u72djJq0mKTVJFlUWTq/nGV//EOdNUla1Pm7..Yjmb1UlZPOPf/mtZNtnkXT7Jiiaf5lmlX31Mx8279LKsGv7tqvzjH/Jp8vx5VlVllXz3fbKTXGZX..eZEs6yz5pcnmi8nlr0lWTLjtH/+AQ3nz9u

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.32.0.0-7.33.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):306007
                                                                                                                                                                                                                        Entropy (8bit):6.045936151322805
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:wHeFoRuHtN8YIUI6difYeasnu0N4LATkRxDX+jwyt:w8oStIsiQeLn/eLAyDst
                                                                                                                                                                                                                        MD5:6F8987E9D3419AF74A69059B2D8D604F
                                                                                                                                                                                                                        SHA1:276594DAD8A44E12BD05556C15729B55F8245E7E
                                                                                                                                                                                                                        SHA-256:0F8D73C9346D9AD114B5D4B830933C65B847989ABB2263AA1959C6CF3CCFC555
                                                                                                                                                                                                                        SHA-512:3CC6E089606FC78DD9E839DDBA6205AE979F7E2A3C4C0E5D0E7CA1B2F58402906BA1398078052B548594524D57A26FB82562C22BA14C8F72DEC58047C93D88DA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.32.0.0</from>.. <to>7.33.0.0</to>.. <version>7.33.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>SMgVJrlCpBVEEzRIhh3e+Q==</checksum>.. <checksum-sha1>5HIvUsilC0GLwS6BNmclPjuJ3Zo=</checksum-sha1>.. <checksum-sha512>yGzIzKCH6pD59tRMOpy2dW1QIN5WcfyFrjTP2jsaZXenPrJvZU+WWsgP/2twj4oicZZOlQjHEQFttQVPn3alqw==</checksum-sha512>.. <referenceSchemaChecksum-sha1>04/htBnG+XV8Nrqy59stg2fR8AM=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>dFnOfG0stRuu3f9Ms2xL/3t3T788CF1JkZkeFySxZ8tCKRpjrxvuU+nU/PFQmpL0n+cKMp294HP7x3KI8L5/sw==</referenceSchemaChecksum-sha512>.. <script>7b3rctxIkib6v836HWC7ZityVmDhfqlqtTVLpFS0lkoaUapqm7W1sgAQIHOUmchJZEpi23mz8+M8..0nmF/dwjgAzcMpMUVdMzO5ixGRUTcAQiPPz6ucf////+f7ZtXW/EshDrwlqtpVhkc/nHP9RyY4ll..PfttuZ3Pa6ta/qD+9m/baiOL32aFXG5m5Uyudz99EfnmN5FV64362031xz/MSusvf5HrdbW2/vRn..y7EyeTNbWttaWv9rIxerIvvfllwW6t4//o

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.33.0.0-7.34.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):401478
                                                                                                                                                                                                                        Entropy (8bit):6.046277484953539
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Yt10VoCkNllQdrLVXZW5D96mPK1KSSzMvoFs34ausTP4zUnARq0ZC5npg:Yv0oCAQdVXZW/QTSHOXbU4I
                                                                                                                                                                                                                        MD5:3C3D4CD657F3745DA686D953B4FFE1D0
                                                                                                                                                                                                                        SHA1:11DB91D08A22F688EADA552B152362A3F1629308
                                                                                                                                                                                                                        SHA-256:8CD78E2937B2E3A935C6FED990A693B2D0774CE55FB66FDD2FD6843BA71B5A21
                                                                                                                                                                                                                        SHA-512:831E14071DB6C5827273A2949CDC65CC9CECDD454445A4E5C461124225C306DAB5FEA2345C2814F5C3898FBCF6AD3B251F81A63DAC5CF51B6CEF6166222C791A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.33.0.0</from>.. <to>7.34.0.0</to>.. <version>7.34.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>+ZapW9mDgxrIdDJ347GP2A==</checksum>.. <checksum-sha1>DEQM+QqkceMCbbyq4EyXeMqUMxM=</checksum-sha1>.. <checksum-sha512>IdCGGX44lkfQp9LJ5xnGSicVF/3zJqG9vDczpT3dZDLLgSUNAIVkwQ85ggESoNTlF8ECZGC+iZEGXmNAs/6h/Q==</checksum-sha512>.. <referenceSchemaChecksum-sha1>yKGZnCnIo2AOg893pk5W2It2bFA=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>hRoqTmOkzzmQadf6NeSr9lugosd6Oi1nUzFvWP64X+OUlGYu4P1RPlU39eBFz5ikpOoEyagSsIo2iJt7X+nc3w==</referenceSchemaChecksum-sha512>.. <script>7L3rctvakTD6f6rmHXCm5vtEJRQt2d47iR3tsiz5wi+2rEiynZpdLhdEgBLGIMAAoGSmzpudH+eR..ziuc7l73GwBKpKydCauSbQFrNdalV3evvv5//8//u7MTnTVxkcRVEs2rNJ5d5Om//1udNlFc1NnX..YpHndVQWz9mzvy/KJk2+ZklaNNk0Syv16ns8ab7GF2XVsGeX5b//WzaNXrxIq6qsoj//Eu1GF+ll..VkSLOo1+bdLZPLn4EqVFwtr++7/hUD58PD1

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.34.0.0-7.35.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):443881
                                                                                                                                                                                                                        Entropy (8bit):6.045814443857778
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:wcounHkt1sdOEMRjxSC3P6q8+TAWpfeYBJ3:5tkARhsUWt
                                                                                                                                                                                                                        MD5:C0EEBB7E6E1B032F4238B3711AD7FF5C
                                                                                                                                                                                                                        SHA1:AD40838B79A284F187D2C5F467BDF671EFBD9924
                                                                                                                                                                                                                        SHA-256:CE85978AB270118033570959504A060401A8732A8C623D004A424A5477774C23
                                                                                                                                                                                                                        SHA-512:F28BEDB0568FD08FF470AD967C5D82570DCC14FD9ACDD0AAD90934E59D4A8FA66E7D56589D89A7570A674461E188544DC1C68C4953F71972D717FFB0A1C7477D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.34.0.0</from>.. <to>7.35.0.0</to>.. <version>7.35.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>C7axwgCGorpxhpaX+QmPjg==</checksum>.. <checksum-sha1>Zu93AukbPij75WlJQ7UApc24IAQ=</checksum-sha1>.. <checksum-sha512>xpnaizh8c41qmlGJ5UAklQcVkXBrOBo3bH17RA2aFSL49F5JVkEqSG6soycv0AGS5PjxsMZawRl6jZEvVAclRw==</checksum-sha512>.. <referenceSchemaChecksum-sha1>5m1e5RveYKQgBdT3kkobPDt7HxM=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>kYFkCcZDtHJ9M8VlQsMELaGCLPjiPVUk2Bf8OHhPGdTPvGgz/mTn5aZZLOcOpBJOFGjt1qA8AMdLk48hLgGtgg==</referenceSchemaChecksum-sha512>.. <script>7L1rc9tIkij6fSLmPyDinhsidyhacr9228MOyZLt5mm/VpTsje3ocEAkJGFNAhwAlMz5a/fD+Unn..L9zKzHo/AJAiJbrHjIlpC6hKVGVVZeU7/+//93/296NRFWeTuJhE8yKJZ5fT5K9/KZMqirMy/ZQt..ptMyyrNn9Owfi7xKJp/SSZJV6VWaFOrVl3hcfYov86KiZ9f5X/+SXkVHR0lR5EX091+ig+gyuU6z..aFEm0e9VMptPLv+IkmxCbf/6FxjKu4uzkx

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.35.0.0-7.36.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):406463
                                                                                                                                                                                                                        Entropy (8bit):6.046064575141469
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:WWx4oDenAh3PmSo7wng1/wddc1Z7WMRX/31udYaeF:VxrDeA+J7B1/ga1UwX/Nx
                                                                                                                                                                                                                        MD5:C5529E5508D50ACDE3283426898A69D3
                                                                                                                                                                                                                        SHA1:0452647522DC1BBF51307062127B3438D56F4001
                                                                                                                                                                                                                        SHA-256:F6103B9F94A7AD44987AB54A16C8A08347CCD908703969AC842229EB65877C04
                                                                                                                                                                                                                        SHA-512:79F03E7190B30B30E54D579C5758A9F3FD0CBCE32D0143CDDC50F617C7AB99D289036A4F52BB018CD89FE8DC693E167E2D2EBE6B81BF51BC4DADAE535DA72740
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.35.0.0</from>.. <to>7.36.0.0</to>.. <version>7.36.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>qJqVYfhXcj4b2Gn1NJGn2Q==</checksum>.. <checksum-sha1>ZFEundttZUG2K7RD+kPZU2qGfsA=</checksum-sha1>.. <checksum-sha512>li5h7FRuzwchNBbkDKOmQJkQfMyOzQfk3wVntsNTNOfMUe5NSMB0S6xXUCWdtgH8UZEy3XCsGTtV82m+SlJ2mQ==</checksum-sha512>.. <referenceSchemaChecksum-sha1>J/27OraITRUDXmxWyNMYt/12LXE=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>ZWrL14o2XoCl4gPvyqfcn7Z30jyOTDG79lZ+GMGgxEsyNzuapHtQ04dNU6arh3FPNyBTcT4xqq4Xh/VCbpsBGQ==</referenceSchemaChecksum-sha512>.. <script>7L3rchvJkTD63xF+h44vYpeADWFIzcW2xnSQIkWJnyWRS1Ajx04oFE2gSPSq0Q13N0jBP/bFzo/z..SOcVTmZWVXdd+wICIOUhYtcjAlVZWVmZWVlZWZn/3//z/z57FoyKMJmE2SSYZyycXcXs97/LWRGE..SR59ThZxnAdp8jP/7p+LtGCTz9GEJUV0HbGs+ulrOC4+h1dpVvDvbtLf/y66Dg4OWJalWfDXvwW7..wRW7iZJgkbPg14LN5pOrTwFLJrzt73+HqJ

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.36.0.0-7.37.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):375501
                                                                                                                                                                                                                        Entropy (8bit):6.046375524136331
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:+nPZXIHgOn4OxsxxZ+0LCEW08IK24Sh0j/+gSo3RGo6DgD9hg5Q/7xUj/jNQ/v:+PZXIz4OcxZ/0Ih+rHhGo6PQjxujNsv
                                                                                                                                                                                                                        MD5:DCE554F26BBD193E169ED684B6F2B7F3
                                                                                                                                                                                                                        SHA1:FD3DEE958A3F46B73CD1D8E5AE8CD97F1C963E48
                                                                                                                                                                                                                        SHA-256:EA488E9163CFE53A3915A3CEF79B6FB796BB57008599BC8CCFED22FF149B3550
                                                                                                                                                                                                                        SHA-512:A7A6D0E4AAB228C6B240E389B4D639464AC4F7E81B3685B4ADC9951E708D23BD16EFE82B6227EEAEB8BB8C82EC66B9CCF9D841EE1D32ADA5A1568BFB8C15D9D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.36.0.0</from>.. <to>7.37.0.0</to>.. <version>7.37.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>w/QawrIZKrALPn1dRYQXSg==</checksum>.. <checksum-sha1>ALHaP7Jg7vBaPYXsVEobdElyOT4=</checksum-sha1>.. <checksum-sha512>Yr1OuP7RFNg2xFb2WKF6JkcljrEh9sZgk53ebMo62E9ZxrV5xbF0zmAGgfA0wI8vWKwQvg8DuIVPn3KiSIYYpw==</checksum-sha512>.. <referenceSchemaChecksum-sha1>cF5cHi2Gw9k/jxmNtVFsNSPngx0=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>zljlzRDFvOJWK3Qo7qPBaEd10VVHz2G83wkFqfCC9jcy7LYqD1raNZoi6X5wGxrRFzH4cbwIdHh93OxatNCj2g==</referenceSchemaChecksum-sha512>.. <script>7L3rcttIljD4vyP6HbCx37bIHoqS7Kru+exShWXJrtKWLxpRLlXMxIQDIkEJbQpgA6Bkzavtj32k..fYU9l7xfQFCiZFW1EDXTFpF5MpF58uS5n//v//l/NzeTUZMWk7SaJPMqSy/PZtmf/1RnTZIWdf65..WMxmdVIWL/m3fy7KJpt8zidZ0eTTPKv0q6/puPmcnpVVw7+dl3/+Uz5NXr3Kqqqskh9+TLaTs+w8..L5JFnSX/1WSX88nZfydZMeG2f/4TTuXjp+

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.37.0.0-7.38.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):374595
                                                                                                                                                                                                                        Entropy (8bit):6.046510250381232
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:vAKY9SUuUf+AXLkTlTWvPML04w2R3W9mvASH5ujL6yAFAUOjsUHTkK2u+diKixHE:v52SU5f3XLyFWvPMG25W9WzQ/6BFAUOc
                                                                                                                                                                                                                        MD5:6C391F2C51605AF58D606818EFFFA73F
                                                                                                                                                                                                                        SHA1:A13D5E979CCB21A9CE92252F5B3E6EE0932DBF6A
                                                                                                                                                                                                                        SHA-256:5C2C84B897C3D7F804F7E31E29DFB7396D58AF7CB15968EAA092B40B475C7412
                                                                                                                                                                                                                        SHA-512:560BE05D5D56067DEBAF5B82309A9A7D701F6EB1D31581B158C17E7E27B9F15D4AACD3CF75B2AC5A2167AFDC4B36916003134D0F3447B64C384A8953992BAE66
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.37.0.0</from>.. <to>7.38.0.0</to>.. <version>7.38.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>l0v/K8fV7r+Ga6uHxRxwjg==</checksum>.. <checksum-sha1>G6+K7Li5kEXRS7RBV3wBSyKRwzk=</checksum-sha1>.. <checksum-sha512>xuQg4NhZgVRIDVF2ur3Dp16KXl9J5quYn8R72aCaqEA7Kx5XQeGym4rncW4NpiIjvwyU9Y8+7IHdrL+TmORqfA==</checksum-sha512>.. <referenceSchemaChecksum-sha1>ePVZIQh5V6o+QVptmowj2Cl2JbU=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>n7KF7JYYBhUJgvlCvyJ20ecJy+cKyPLIEJzTYxpGiuwkAasT3wjDW7j2aQSWXAtyAZ4ToatwGGJyb4z2S5fxvw==</referenceSchemaChecksum-sha512>.. <script>7L3pcttYmij4vyLqHXDvjWmRPRQt2c6qG3Yqw7QWpyZlWy1K6Yrp6PCFSFBCmSRYAGhZ3TNPNj/m..keYV5lvOOTgrFoqyVd2F6K60iHM+nPXbl//v//l/d3ejcRkvp3E+jVZ5Ei+u58kf/1AkZRQvi/Tz..cj2fF1G2fM2//W2dlcn0czpNlmU6S5O8evUtnpSf4+ssL/m3m+yPf0hn0Zs3SZ5nefTzL9FedJ3c..pMtoXSTRv5bJYjW9/rcoWU657R//gEP5eH

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.38.0.0-7.39.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):388699
                                                                                                                                                                                                                        Entropy (8bit):6.046423935679692
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:UMo0OWiR++4VoMCnmY/GZAZO+O+5lJi+fdQU6awVCBSkM90k3exBG1QQxSkSQYLF:UMVOWiR++4VoMC1/GS4+tfdQUDo/N3eR
                                                                                                                                                                                                                        MD5:3F4A282353EBE5543802939A80526CC9
                                                                                                                                                                                                                        SHA1:8F5A20FD5EDF67CF7EBA2B4BC633F0C48E3531AC
                                                                                                                                                                                                                        SHA-256:0729607300E1DB8F0561B1CCDF2097C81868ECF2C8E429D10589F08ABE06E027
                                                                                                                                                                                                                        SHA-512:05BFC9BEFBBCE6910942B649672026496D6D42ACB975E581FBA9466E0D98F246DD2E0D82C9927934913C075EB84F738F1E38E80A83D7BE0A4DD5B119BD09146D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.38.0.0</from>.. <to>7.39.0.0</to>.. <version>7.39.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>rqjnr22Z71ZeLWOXEGkh1g==</checksum>.. <checksum-sha1>KslPEBtohTnukWXcwYMyoascqSo=</checksum-sha1>.. <checksum-sha512>Z6XfjP0Ub7VTspuikznLu9a4br3QPXz7XmJ3imr0C3dnLnTx75JT5RD2gfIYYDex4L7NKUsr7TB0t6Q/14ckWg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>7/l1TLbm40Tiv4iJxP1MC28y7Sk=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>BImUNRnOSjhKzcA5Lsx8HyOSa1sFgY+JFp/3LfSpZE13JR2ayiedpcYhbVJAZNXCCXTRoZYf00RTBhZXuKtgPw==</referenceSchemaChecksum-sha512>.. <script>7L3bcttIlij6XhH1D4gdEyOqRmJZruru2XartmVJLmuXL2pRtjtmYsIBEaCENgmwAdAy+9fOw/mk..8wtnXTITeQVAmbIlm4i9p8tiYiEvK9f98v/9P//v7m40quM8icskmpdpPLuYpj/+UKV1FOdV9j5f..TKdVVOSP+W//XBR1mrzPkjSvs0mWls1Pn+Jx/T6+KMqa/3ZZ/PhDNomePEnLsiijv/4WPYgu0sss..jxZVGv13nc7mycX/RGme8Ngff8CpvH5zdn

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.39.0.0-7.40.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):439239
                                                                                                                                                                                                                        Entropy (8bit):6.046156446434901
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:d7l6taGDP5FmcPu8nZYV7LCT9BYgvRdskWOoPbgujZl4:r6t3RFJ2YZYV7L4TYkQkKrH4
                                                                                                                                                                                                                        MD5:66E8542A7575B74DE971CD8AD6F8A495
                                                                                                                                                                                                                        SHA1:61EEB8402494B5AFA2653EF04A3E90AEFA174319
                                                                                                                                                                                                                        SHA-256:60D46D0E7359018E85DBEA82E2404C52B1A8A6C51BC604E6256D2A1077B1FDF7
                                                                                                                                                                                                                        SHA-512:910322EAF233826EABDA077104D1C75D03F9D8ADF25EF510316C2F04C707D5D54E2BF68CE2FEE28F70CAA8BD0BD8F0EBD0EA39857941055EA33206C0157D1B41
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.39.0.0</from>.. <to>7.40.0.0</to>.. <version>7.40.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>Wk4qVz38CVuwTHmGJYfYgA==</checksum>.. <checksum-sha1>gykAPH6CeooIiPM3kpn2xHw/3fk=</checksum-sha1>.. <checksum-sha512>rnlQq+aEKlsCzQb5IH6oNQGwa+ZKSBeiMZuqVuZpLf/4rOX8KNeAWHvAZPt6C19c4vl/V/fczQg1RlRzxvLobg==</checksum-sha512>.. <referenceSchemaChecksum-sha1>wC4T2Ari6578fegHdJrPM/dBypA=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>I/+bNKfNe31njc33Lhz5v4/CSJJGoxMDN6NFPpaNRmHAkFQuQtFMN9FMlryUkmTwbD9QYzelT7DGFDounla03g==</referenceSchemaChecksum-sha512>.. <script>7L3tctzIkSj63xF+B5w4EVbT2+wRJc14VzIdokhJwzOSyCWpkeM4NhRgN5qE1QTaAJoU99Xuj/tI..9xVuflQVsr4ANEVSnLU7HGMRqEpUZVVl5Xf+f//P/7u5mRw3aTFLq1myrLL04nSR/f53ddYkaVHn..n4vVYlEnZfGCn/1jVTbZ7HM+y4omn+dZ1b76mk6bz+lpWTX87Kz8/e/yefLyZVZVZZX8+S/J4+Q0..O8uLZFVnyd+a7GI5O/2vJCtm3Pb3v8OhHH

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.40.0.0-7.41.10.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):328222
                                                                                                                                                                                                                        Entropy (8bit):6.046616022252253
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:uMRiC9/yFpyEYoxR8PIoSE7HqrvQ5AtHVX3LpbNp5At8nWvrTBsRhU37jFAp+FB2:Pj/cvY4RaSGOYoH53LphBWv/BsRjl1X/
                                                                                                                                                                                                                        MD5:D46A074F121283C61D27FF067718E58A
                                                                                                                                                                                                                        SHA1:5F05241FD11CABBC962BD01C95EE84EA5630DFDC
                                                                                                                                                                                                                        SHA-256:A3C53E91A61C253F8CBF1CE77DB1416A3483B2B473158C9C8BB8E1E1FA1BEF9D
                                                                                                                                                                                                                        SHA-512:C93351BC5AE6283594BF089EF52E1EF60B3FCAFE40754BBB8ED9B81B3D5705BD0DDD962E8727EF2CF2C239828FD9D8E0BF41929A26EC92D37DD10C36120092BA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.40.0.0</from>.. <to>7.41.10.0</to>.. <version>7.41.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>klIJkqvE+1KiKd6vtNPE4Q==</checksum>.. <checksum-sha1>EBEnEvtHiW4EPmwiJL+l2n8LRBE=</checksum-sha1>.. <checksum-sha512>7WGtHj6tNOntklg02O14ZyYWon2NuHqeowS5DmnphP4dh5YXuzNdXCFGsOYaiY7bamjtP0ZTF/Y/kiNbkUkpjw==</checksum-sha512>.. <referenceSchemaChecksum-sha1>Y6/GzmlpLIU+uFuZhPAYuXXRrOY=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>aINgEP2Ls6M5Eeh+ND36YHpNrrdks/YFDVg2TZjAE74QwEF91nfeLavT0tpSF38qU/7hukWplMS1kjoozrKlyw==</referenceSchemaChecksum-sha512>.. <script>1b3rctzGuS78P1W5B9T68UnaJchonJFsp0yTks0dnbZI2akvlXL1kZyl4WDWYEYS1619P75L2rew..n7e7gWlgMCTtyLHDrJVQRKPR6H4Pz3vE//n//v84ji62fKX4RkXrjeY3Yqn/+IdObyO+6hY/rXbL..ZRe1qz+7v/3Xrt1q9dNC6dV2YRZ6s7/0mcvtT1y0m63721X7xz8sTPTNN3qzaTfR//xLlERCXy1W..0a7T0d+3+matxD8ivVJu7B//QEt58/7d6

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.41.10.0-7.41.20.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):328421
                                                                                                                                                                                                                        Entropy (8bit):6.04649837041
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:kht/JVIyHT/vMFdmWnebuqtGVM+zruNOXhRuZTmY++jU/fqFTITlQ2Z34wHZA+M:M/3IQTK0qebuq6eNOPuhGKFOlQ2Z4N
                                                                                                                                                                                                                        MD5:D2B621E54B2F594B5BAF25FB4C1007D1
                                                                                                                                                                                                                        SHA1:C2E5FB425963193021EFD55DC11FE40ADCF76E6B
                                                                                                                                                                                                                        SHA-256:8A8198B5CDF25B7BD2D83F417D865DBDBFC3C8D60F613AB214A8E2AD0E0DCE65
                                                                                                                                                                                                                        SHA-512:45A895A63B1915A582AD9C9C56F6867AC0ECEBD0C6B1B33D8587819356587CD4B6618BFB0565B1ABA553CD0D31C3F54DDD6918E094C4DCB2C0C2802827F1A8C7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.41.10.0</from>.. <to>7.41.20.0</to>.. <version>7.41.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>D4+2nw/8SgKEe51Ts0B7Lg==</checksum>.. <checksum-sha1>wnRHKsISWtaPUH2aqkp2iHW6Iio=</checksum-sha1>.. <checksum-sha512>uHXq2JdEegn4iA5pd5b9QAxuTZBlSfo/JM2xgFQcBYdg+hhFl4D1qTFS0XADFQxvKSEDUBKsOUlBkfzeUh9hhA==</checksum-sha512>.. <referenceSchemaChecksum-sha1>x44SLBl0cW/zQH8Nu6PrXhF9Joc=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>1QcpPQei4fl7W2eqwr3zumONB5CDRHGBwALiDD0nkZ5ZTX1WjedtNDyQq/weoMfhoC4k6CIXsXIYZ6ueudFtNw==</referenceSchemaChecksum-sha512>.. <script>3b3pbhxXuiX6v4B6h8BBoy1dKOiYh3K5YJqSbKI0HVGyC91oGHsk8yiZyc7IlMR6tf5xH+m+wl1r..7x2RETlQlK3y8WkWUBaZkTv28A3rG/f/93/+3ziOLtZiocVKRzcrI67l3Pz5T51ZR2LRzX5ZbObz..LlouvvF/+9+b5droX2baLNYzOzOr7UcfhVr/IuRytfZ/u1z++U8zG333nVmtlqvor3+Lkkiay9ki..2nQm+p9rc32j5f+KzEL7Z//8J07l5dvX

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.41.20.0-7.41.100.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):321482
                                                                                                                                                                                                                        Entropy (8bit):6.046546199218454
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:xiVskzMJCwXS7bBD1snuYDDaGWydNicxVjt8K31gWDxMBY9oKpu78v:xEMJCwCB1MDDa1yDJt8KLMB5KJ
                                                                                                                                                                                                                        MD5:8A48E215E42DA15B213A94A446EAF6E7
                                                                                                                                                                                                                        SHA1:D4ED691B8AA3336540E0BCAA68BD4D673999D216
                                                                                                                                                                                                                        SHA-256:45B8EB61B683A57078101D3B99A4AAB8C12F45099410493C2F79CC3294EBF405
                                                                                                                                                                                                                        SHA-512:11E7ECEA333C85915D8E4155BEA2906A30A38C266601E62F7DA767364F5827AF25AC1D17359AFB5291E388214DC2CB9D601BE2E632C4E37CD2C3A1438A47D6C7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.41.20.0</from>.. <to>7.41.100.0</to>.. <version>7.41.0.0</version>.. <targetService>Broker</targetService>.. <exclusive>False</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>0madDNNhSC4s//ZfGTdDHw==</checksum>.. <checksum-sha1>fj/0U2exMqOlHeIEjEorM9GlwuM=</checksum-sha1>.. <checksum-sha512>Vjv5dCERsfM5o8jccYn/TYJjdF/NwM61WAO0vblDK57FVOapyG9jdqbCQCMAAdfGMisTVMBVAJTjxSmI6aFXMw==</checksum-sha512>.. <referenceSchemaChecksum-sha1>6dK4elX84Hpwqn9xSkMWkeL9+mw=</referenceSchemaChecksum-sha1>.. <referenceSchemaChecksum-sha512>gKg69TzixL7tSgxvYIzOkH3SV3cFsyZCbgbyA5ugrjIFlVv0PkoTt6gaKKdtCCUQEydoguGb9Ci322mh3JppnA==</referenceSchemaChecksum-sha512>.. <script>zX3rjhzHleZ/A36HhH+spIVSyrhlRIzHA7dJSiKGFDlsUjZ2sBDi2l2j6qqeqmqS7VfbH/tI+wr7..nYjMqsy6SLRHXqwGGDe7siPjcuKc7zu3+j//63+3bXO9c6voNrG53yR355fpt7/Zpl3jVtvFj6uH..5XLbrFe/r7/7z4f1LsUfFzGtdou8SJvDRx9d2P3o/Hqzq7+7Wf/2N4vc/PGPabNZb5p//pema3y6..Wayah21q/n2X7u6j/59NWsX67G9/Q1N

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.5.0.0-7.6.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):396126
                                                                                                                                                                                                                        Entropy (8bit):6.046011263347626
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Ix7nENvm/RaMlBP7VgiEMi9ogxsq4jlry6Ce/onlTgQ4npBISVIuP:IxwNvWogNWiEm62xryg8ZgHBh
                                                                                                                                                                                                                        MD5:D54970BA025795F9208B372DBA344EFA
                                                                                                                                                                                                                        SHA1:DD9D9C6A54853DEF235B0A349639F0B7D4630064
                                                                                                                                                                                                                        SHA-256:45E03D9A75A3712D10A143C59778BE22531300A345346BEF7C45284484967CB1
                                                                                                                                                                                                                        SHA-512:0106D8A05B7662CD9A62391EDA80219A5CC447F250AF3D5E2D388F4F8D721B951F0608E33FDC20A87DA960072DE9BE34F877397B0CC67CFA19DFF1D9A7842ED9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.5.0.0</from>.. <to>7.6.0.0</to>.. <version>1.0.0.22</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>p+FwiEMakJssW4uibVd71A==</checksum>.. <checksum-sha1>8KMMm2i0RE2seJ6Wz+ffVvYmsyo=</checksum-sha1>.. <referenceSchemaChecksum-sha1>zFwl9I8dfkROickRsoTTgypoHe8=</referenceSchemaChecksum-sha1>.. <script>7L3rduNGkjD4v8/pd8B+s7Mip1UsSWW7e1yWT6mkkotjVVktqlx9Pq9PHYgARUyRABsApeK82v7Y..R9pX2IjIC/IKgFfRbvPMtEtAZiAzMm4ZGRnx//0//++zZ8GgDNMozKNglsfh9G4S//lPRVwGYVok..n9L5ZFIEWfqSPfvnPCvj6FMSxWmZjJI4r159CYflp/Auy0v27D7785+SUfDqVZznWR58931wFNzF..90kazIs4+KWMp7Po7tcgTiPW9s9/wqH89OHm/M2nwfnbN+/Ovg3+2vu6d9Q7ole3Zzc/vLlVXn3D..XtHL/9jkjyB+mEVhGQfXEiVb+cogfIiDcDabJMOwTLI0SMNpXARlFiB+sjzMF8Ewm8ynae/Pf2LY..K3NYGMB1QliO4uEkzOPg1aCMZ0GSlsFpcPySMD8c3306z9JRct+7yNh0sFGHmnaxHVuPP/8p/hIP..5zBZpQfQRF5WnRh8gBtOSlj0MgSUqM3PqikUf/5TAL8wigJ4+h7mo40kKWaTcIGPARot/jCbTpPS..mNfy1NMWO

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.6.0.0-7.7.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):351686
                                                                                                                                                                                                                        Entropy (8bit):6.046146073431728
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:7ZsDC47cxK9z9w+t/kDrJwVUmdeFa42rUELhA5Ap:uDCwz955kfvsjvW5Ap
                                                                                                                                                                                                                        MD5:06E069151D69C54C0E88D51FAA4F1A44
                                                                                                                                                                                                                        SHA1:C4FC22A294E516F03E3D15054F50C54C76E1F7D5
                                                                                                                                                                                                                        SHA-256:19251B535D9A121E0809836248EB19230F52642E348F5D66619144838AFF5B56
                                                                                                                                                                                                                        SHA-512:9551DF136D3BAC5216A0E37C956A909298290DD27B359F7D8D0DCCFDE659D7F8913EE7A6052D3B5D2EDA762B2172D11EB99AD29BD798C88E1220FE8EEF9BEC92
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.6.0.0</from>.. <to>7.7.0.0</to>.. <version>1.0.0.28</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>c8/zfvEV8S2d28z8ywkabw==</checksum>.. <checksum-sha1>HDeurltlSNPPlngLZLRiyVOGgbI=</checksum-sha1>.. <referenceSchemaChecksum-sha1>cCRf26I1EJYmUPPhnFamXUGxxeU=</referenceSchemaChecksum-sha1>.. <script>7L3rcttIkjD6vyP6HRDznbOiZijasvuyY48mLEt2j7ZtWSvK7Y2vo8MBEaCENQlwAVAy59W+H+eR..ziucvFQV6gqCEkmpzzRjt8cCqhJ1ycrMyuv/+3/+n729aFjHeRKXSTQr03h6OUm//aZK6yjOq+xz..Pp9MqqjIX/Kz/5kXdZp8zpI0r7NxlpbNq6/xqP4cXxZlzc+uim+/ycbRq1dpWRZl9Le/R0+jy/Qq..y6N5lUa/1ul0llz+FqV5wm2//QaH8uHj+dGbz8Ojf7x5f/gi+nHww+Dp4Cm9ujg8/+nNhfbqR35F..L/+8zh9BPLqO86s0Go6u02kcnaXlNKuqrMirTXxvQ3M4LotZdJxOUtizJzyhJBou8iJfTDcyD9jv..4vK/U0CELOntjK4vPx8V+Ti7GuA/3xVX8FcOb2EZ38bZZF6mO7tRVkV5UUeIaN9+k+CIKx5h1KH/..XfFszfOWa/22KNPsKo9+ThdVdJLLtY8uYjhVG1lxgKgt03FafamL2UV8VUUveEjFZVXgIKKxGNsX..GNu33/AK1

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.7.0.0-7.8.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):227526
                                                                                                                                                                                                                        Entropy (8bit):6.046901117945516
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Ob8bB9+T+mOqD9ygnnHBJVA5KTS2TtIWVwu:ObiB9+Td9nnx+K+9u
                                                                                                                                                                                                                        MD5:A26A663F244EE75F03CE402BBABA2BD0
                                                                                                                                                                                                                        SHA1:2805758256F0434641D58DD17FBB4D0AC9136BDC
                                                                                                                                                                                                                        SHA-256:191ED580AC0173DDF9664AE30868C74D331318651B6C7D0601ED1BFE94BB7FC9
                                                                                                                                                                                                                        SHA-512:E34F2AA3A6C1EC5762A8296B52BC6F54B8D28FD5AC2B77582167C6EED2594859231AEE50B94F70C414825E847014B82AEB8667770763BF5DF58FAE2A1736ECA9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.7.0.0</from>.. <to>7.8.0.0</to>.. <version>1.0.0.12</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>xCBT9pvSy4Kw5IKsNv1vUg==</checksum>.. <checksum-sha1>r+N8vFKSC2A2ySBVxpl6ceiwlTo=</checksum-sha1>.. <referenceSchemaChecksum-sha1>bBxRwcvpvQQnwmvDY0XauchgR2E=</referenceSchemaChecksum-sha1>.. <script>7b3rcttIsjD4fyLmHbAx34aoc0S2br7Ibk1YTdlu7Vi2VpRbG99sRwdEgBLGFMABQMmaV9sf+0j7..CpuZdUFdsgBQlnz5ohnn9MhAVaIqKysrK6//3//z/w6H0aSO8yQuk2hRpvH1xTz961+qtI7ivMr+..yJfzeRUV+Uvx7N/Lok6TP7IkzetslqVl8+pzPK3/iC+KshbPLou//iWbRa9epWVZlNHPf482o4v0..MsujZZVG/6zT60Vy8XuU5olo+9e/4FA+fDwdv/5jMv719fHBi+jZ6Nloc7RJr84OTt++PjNePRev..6OV/PeSPII6v4vwyjSbTq/Q6jk7S8jqrqqzIq8f43iPN4bAsFtFhOk9hzX4SE0qiyV1e5HfXjzIP..WO/i4l8pEEKWDNamVxd/jIt8ll2O8M+DJDkvyk9peVYcptWnuli8LYvl4ijP03JtPcqqKC/qCAnu..r39JcOSVGGm0Apz70t0D40Hh/k1RptllHv0jvauio1ytRXQWwy774Sjptyy9raL6Kq4BodPiOv3x..5gG0E71Pb

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.8.0.0-7.9.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):339100
                                                                                                                                                                                                                        Entropy (8bit):6.046358159367523
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:c1FhI55sr6Utg0W5xhg+E+vxl2B7tjzQE4IqH+0n3i3OMm0QwxPQZkbZ:cJiWFNexC+bvxlS2EAb34VPae
                                                                                                                                                                                                                        MD5:6119B5B54E0D1BF31428F7A034E7ED52
                                                                                                                                                                                                                        SHA1:33F33C5A029DA065CFADE7F001B173C092827990
                                                                                                                                                                                                                        SHA-256:22D715A62BD5C492885DD9A4C91A9C92DB229E129395BC033BEC9A84069B6D94
                                                                                                                                                                                                                        SHA-512:FC30A6B00865EA66D1A4214300280290476750ED99C691E5BF88FC18AE9CD8D2062783995AE5479FB504C9FF25C1A82AAC651697F512CBD7D27B60757A18B2B3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.8.0.0</from>.. <to>7.9.0.0</to>.. <version>1.0.0.11</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>rg6uqbl3Ss1JgnGx8DS10Q==</checksum>.. <checksum-sha1>HazsQIXf2NaHc7/bNdBUsWh4vBA=</checksum-sha1>.. <referenceSchemaChecksum-sha1>KPSA2ysU3tf9HMLWUnlo9Xs4p1s=</referenceSchemaChecksum-sha1>.. <script>7L3rcts4tjD6f6rmHbjrTB1Lsx3FSfoy093uL46dpPV1Lt6x3dk1fVIpWoRtTihSQ1J2vF/t+3Ee..6bzCwVq4EAABEpRIWT22amo6loAFYN0BrLXw//2f//fRo+CkDNMozKNgkZNwfp6QP/+pIGUQpkX8..OV0mSRFk6Y/su38ts5JEn+OIpGV8EZO8+ulrOCs/h+dZXrLvLrM//ym+CJ4/J3me5cFPPwd7wTm5..jNNgWZDg95LMF9H5p4CkEWv75z/BVN6ffTh8+fnk8JeXbw9+CL6f/G2yN9nDn04PPrx+ear89Hf2..E/741z4/CPEoLkKKiuAgSYLTPL68JHkxxFARH6dkYwQhHS9Lg9nV+efDLL2ILycH0TxOX2VJRGfw..o0+HI1J8KbOFX+OPWf6lFTDlkJJMXuQZbUqiE1IUcZZ69fnldkHy67jIcjpeSmalb8fj7Ibkb8M0..vCRzymwH/j2V6a3Egz0TmEI8vArTSxKczK7IPAyOST6P2RSHGG8oecizRXBEEkLl/zFbUBSc3KZZ..ejv/w63jV

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\UpdateScripts\upgrade_site_7.9.0.0-7.11.0.0.xdu

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):332263
                                                                                                                                                                                                                        Entropy (8bit):6.0460262430492
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:H3C1Wi7pUEFp/PbjBpjDySwGZbNVNuXOEICaaAtLXmBP/o2:S1tH73/SiF0ICaaemBno2
                                                                                                                                                                                                                        MD5:A10C5678081C86BAAF88B40E73C236F3
                                                                                                                                                                                                                        SHA1:E9A119BA33809AD2C4A74F07BF5B3209F135CD7E
                                                                                                                                                                                                                        SHA-256:4AD93B4063AD0CB98BE25936E46617BA6A794D58FAA5B0C93264131C50158AE2
                                                                                                                                                                                                                        SHA-512:FDCF5AA447B59ADBE246BD1EF9A922A758EA5DE316D371A27B8916D820DE31F940DAC39337F8B3EF6617CB29CB6AD0F53434255B5201991A17F2D244511028CB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<Update>.. <from>7.9.0.0</from>.. <to>7.11.0.0</to>.. <version>7.11.0.23</version>.. <targetService>Broker</targetService>.. <exclusive>True</exclusive>.. <dbType>SqlServer</dbType>.. <checksum>CoXmI0IQvtVM8lgPWQ/xyg==</checksum>.. <checksum-sha1>/OLhc4/Lr1YlRdykRm/+P2VMPXE=</checksum-sha1>.. <referenceSchemaChecksum-sha1>b3Zv7+9NmK4JjmzHuC4SmYR67vE=</referenceSchemaChecksum-sha1>.. <script>7L3ZcttYlij6XhH1D4joc0pkNsWU7By67VIdKyU7Uyc9qEUpXVEZGQ6IBCWUSYAFgJLVv3Yf7ifd..X7hr2PMAgLIkK6uL0V1pAXsv7GHttde8/r//5//d3k4mTVrM0mqWrKosXZ4vsj/+oc6aJC3q/EOx..XizqpCye87N/rMsmm33IZ1nR5PM8q/SrT+m0+ZCel1XDzy7KP/4hnycvXmRVVVbJn/+S7CTn2UVe..JOs6S35tsuVqdv5bkhUzbvvHP+BQ3p2dHLz8MDn46eWb/WfJ9+P/HO+Md+jV6f7Jjy9PjVe7u/yO..3n51lz+CeJjXKaxFsr9YJKdVfnGRVfV9fGomvtPwN5IUvlcWyfTy/MNBWczzi/H+dJrV9XG5yKc3..J+tFVj/v2atcF03PxrNlXrwqFzOYZL8Oi0V5nc2Oq7Ipp+WiZ6djMahX+aLJqpcFNO07m9UKpp82..eVlYMDburP/5Y1WuV/t1nV8Uy6z3Qrn9P2cwBOEwqz825epORnO7XqfpxcYdN+7Q/yOTz8AStX6b..npYfqvK6zq

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\amd64\libccauth.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):193176
                                                                                                                                                                                                                        Entropy (8bit):6.435642080365913
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:1MevzIaJcZ2f0SFiG3SNBwySRquSMwzQvxxUL4hUiih:xxc0f0SxyBlRsvs4hUt
                                                                                                                                                                                                                        MD5:87F175CF46FD3C1B1B7811DA2C0F6DCF
                                                                                                                                                                                                                        SHA1:8181F38B7738FFD00555CCB12D04D227CEC21AA6
                                                                                                                                                                                                                        SHA-256:04FB13E0CD293EDE567D052D12BCEB6517B2CA70716F251DFA8E5CD333D43029
                                                                                                                                                                                                                        SHA-512:F00724BE93E8BDC37D75FD5FC9BCC4206201AF6427D525805F9E63CDB9439AE4E8421AFC940CB25828233770BF64058C8F591BDF7A1158D4E3EA70903ED23EDC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l....................h.......h.......h.......h......................r.......r.......r.......r.......Rich............PE..d.....e.........." .........................................................`...........`.................................................D........@..........x0.......(...P..\....F..p...........................pF.................. ............................text...C........................... ..`.rdata..@...........................@..@.data...83..........................@....pdata..x0.......2..................@..@.gfids.......0......................@..@.rsrc........@......................@..@.reloc..\....P......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17320
                                                                                                                                                                                                                        Entropy (8bit):6.537774671591289
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:8i1gh+eN9sjQyfyH8oDxuROWhiMWVaabr+Hj+R9zBCA:P4sjQ18oLjz+Hji9zkA
                                                                                                                                                                                                                        MD5:E4EDD73A6591B2BF102DEEEC2237854C
                                                                                                                                                                                                                        SHA1:F635C18E3F7C841268CAB3788C2140EDCBC4B13D
                                                                                                                                                                                                                        SHA-256:10EDCEB9C65C9587527DE1BC4126F30D577E18867C7F3E5A78015A5B48ADABA9
                                                                                                                                                                                                                        SHA-512:5C37C40ADC7B9A2F0412A56ECB0E323CB2659505A4DEB1CAEF431A50AC9C75567F6D0F6B160C6FA5D9706E55069DDE25F098D7E3A80640038784DFC588C1BDC2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................1... ...@....@.. ..............................Oq....@.................................\1..O....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......0/..,...........P ..]...........................................Y..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\cs\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14264
                                                                                                                                                                                                                        Entropy (8bit):6.744232243159024
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:OcM5BIYxyW+6GWqWGxVA6VWQ4eWMYWxgV8FGecX01k9z3APEFVi:OckBI2yW+6GWexdgHR9zqEF
                                                                                                                                                                                                                        MD5:EFC159860223E3B6015683033B3BE415
                                                                                                                                                                                                                        SHA1:F5ECE312E13B29E59177AD8FEEF8192AD076A312
                                                                                                                                                                                                                        SHA-256:53593F96EB3DB4B8E4F54C82EA788BB6C076F38B1645DE110ED5C6C2E6D96DC3
                                                                                                                                                                                                                        SHA-512:0C38D10369DB70C5D8D23BB5527C6CF095133076D2823AEE7A8B7ACB913948E93D81FB1B12033E70006398AE91FA865D7F1B421EAC9DF08A2A8F4D9D8F5E8299
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................'... ...@....@.. ...................................@..................................'..O....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......x%..............P .......$.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.,...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.^... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\BrokerServiceSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.897938010694925
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:XhEfUcNsIYiAreviDfAM+o/8E9VF0NyvHDmG:xyUcN9YiRviDfAMxkEsG
                                                                                                                                                                                                                        MD5:09A7310D055EEDA2874F5048AAC32A46
                                                                                                                                                                                                                        SHA1:0241F90546B9CA0F70A13CD61FD5B773BDA119FD
                                                                                                                                                                                                                        SHA-256:F2EC8CF0C40A59B2FA899CEB962FD02BBB7953619F175C0B37424BBD490E21E3
                                                                                                                                                                                                                        SHA-512:18B529C4CA425CA1F64C2FDFAA1D13BC656098D90D55B996C34BDA1C06948B779500511EEA04DE7DDF54E21FE1A3CC94AE36562225B2C7A591C4E1F5F634F717
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.................'... ...@....... ..............................;|....@.................................d'..W....@..H...............H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B.................'......H........"............... ......P ......................................gcxL...x...4;$v.I..$6...A..M.a3.7.....ZQ...:v..q........N.1|(..I.m..7z..p.....0.Q.p..w..:...`].).....T:/..%.H..F.Q_....)...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.4S".4.XC.......T...>L.i.c.e.n.s.i.n.g.E.n.v.i.r.o.n.m.e.n.t.U.n.s.u.p.p.o.r.t.e.d.....HL.i.c.e.n.s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Citrix.Base.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11760
                                                                                                                                                                                                                        Entropy (8bit):6.457224342287263
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:c8lhNhojhPvUkZbJpMDWpHJH476IU8rENfkMIZHo/X:ZDWjhPvUkZbJpMDGR+4NcMIhGX
                                                                                                                                                                                                                        MD5:C5A71E6D6FE68F5A3D11A2145BBAB522
                                                                                                                                                                                                                        SHA1:F2BCF8A6E9658AC15A32CF26F63F7FABD289828F
                                                                                                                                                                                                                        SHA-256:FDC08D03025C60B182420C3A54F338D3EFFD59FCCF20E8CF6AD91FA458E51128
                                                                                                                                                                                                                        SHA-512:2590474AAC83D6E3A6BAFB2080187E5A8DE75246EA88B1099A1607074213FB8E5833A7216EC98972C5B9A1FE599C9E11B34213443B0E0E93AEC2A27ED0EA6731
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............6)... ...@....... ...............................h....@..................................(..O....@.......................`.......(............................................... ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ..............P%......H(......................................BSJB............v4.0.30319......l...0...#~..........#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................T.....T.....A...........).....)...A.)...^.).....)...*.).................;.....;.....;...).;...1.;...9.;...A.;...I.;...Q.;.......................#.....+.....3.H...;.X...C.c...K.x...................................................t.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.Core.Api.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14240
                                                                                                                                                                                                                        Entropy (8bit):6.420363887419548
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:5GMijNCqUUZkJ1zIYiOjB5TuCONcMIhX:2wqUUZkJ18YiOzuCO2MIh
                                                                                                                                                                                                                        MD5:24990929210EBAF8198096B6ECF106AB
                                                                                                                                                                                                                        SHA1:8316D15FACE224FB515847708DB2790110833C29
                                                                                                                                                                                                                        SHA-256:6368CE77AD99EAA415612C6323C35CAE11F74242D03BD52F4B8F32869306E353
                                                                                                                                                                                                                        SHA-512:009B2AD624917C8CE0E5CF910B9BCC4AC9FFD94CE59707C559BA73CF89629AA4D70B7ACC837A0F312DB915D5C50D1AC75636DA8958BBD484AA05A49C64B7EF4E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ic...........!................>,... ...@....... ..............................pN....@..................................+..W....@.......................`....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................ ,......H.......L'............... ..y...P ......................................W..w+.hy...){b4......;.P.....`.F...y;.....w.E.-.3.....q.uH*.Am........H..\.g..9.J..1/.\.#S>.[.z.j.4.DR..P...0..wU........-u..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP6...k...V.....x.o.7....R.hg..z.&.H...W.J...<3...L.......q...................L...#.......u...*...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13216
                                                                                                                                                                                                                        Entropy (8bit):6.529469675322895
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:mjEw5X5Sp7oHhJMKIYiYF80ag/5Y7OEtELLrysjcbENfkMIZHUY:mjEG5u7oHhJMKIYiOjB5xjjNcMIhU
                                                                                                                                                                                                                        MD5:BF67F16CD4408358A01A736199ADDA3C
                                                                                                                                                                                                                        SHA1:619326EEBF1BF5113EC27F0F88C1A055DF37F2FA
                                                                                                                                                                                                                        SHA-256:133776F92AF102C1EC5B5912D148765D76422F9300F48A2569B85C42F4FD4F76
                                                                                                                                                                                                                        SHA-512:365376C29095493050C2E4D659A56E0B9DA6AAA33B34C7C41A14CE7473BDE0818197536AE3D957CC29D0088F855A54B020ED27B24DBFE2F3EAB49DA16D32A3EF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d...........!.................(... ...@....... ..............................V.....@.................................l(..O....@..P....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......l#............... ......P ..........................................K5+..ET.;.....:*.C......>Y.....V.Y.....I......<....HN..m.o.iG.......q...v.f.n6:..0...h...(..^...T~H[...N&.k..n...../...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP]...1..FX.b....V...).......$F.u.t.u.r.e.D.a.t.e.R.e.q.u.i.r.e.d.....(I.n.v.a.l.i.d.C.w.s.A.u.t.h.F.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Citrix.IconConverter.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.764549202434745
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:p73LmM4U/G+6E6cJaMhIYiArevn/AM+o/8E9VF0NyH0wL:x3ylUO+6E6cJaM2YiRvn/AMxkEWwL
                                                                                                                                                                                                                        MD5:75F8271CCBC3DFB6126A00BF249CC00A
                                                                                                                                                                                                                        SHA1:FFE7DEC1470C54817CF98E091A1AAFA3D9896BB0
                                                                                                                                                                                                                        SHA-256:04B8C9A44D941DA69F16FA8CF0800D4267FDE4DAE5BD4B9A0123466E1753640F
                                                                                                                                                                                                                        SHA-512:92D751B98458B75DC94157358A50F835C6E788B320D761C3FB014244C93779046268664CF62DFE0AF36A4A5B0265C417CA0969AC338E5C195602559FCC2CB687
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z.f...........!.................,... ...@....... ....................................@.................................D,..W....@..................H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........'..|............ ......P ......................................\..C(.......l...$f.y,GDB.e......Qu.&...x.X....w.[...7j.P..g..5....Nh..m.L....,.xp......t....P%...tLxm.q6..=q.&...1....\....`................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.......AW......?I...G.g..:`...~.8..!d.#A..#..\)7).5.3.S...y`...i.......B...........7...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\ConfigLoggingSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28744
                                                                                                                                                                                                                        Entropy (8bit):6.180971008592812
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:YHnEyizVuO52ydlKauM9SVvHhD1UciBYiRvAAMxkExI:+EyizVuO52ydbyD347NOx+
                                                                                                                                                                                                                        MD5:6731D3E00744197A35B29B104B479894
                                                                                                                                                                                                                        SHA1:5A913B7865E68EF44AD1EF213F5BEB0FE91C653B
                                                                                                                                                                                                                        SHA-256:B62C5D8E9B60F351A8485E5BF8ACC0EF4173A1DF7935897538BEBF0865155110
                                                                                                                                                                                                                        SHA-512:3B2CF9FCE0A4B6A7A81292A6A9C717A2EB0EF7AD980398B0FF559DFE3980EDDD7F355309F86820AB49E5F5323CE4A279E772DB1598A450A1020F8921A73EAE8C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._.f...........!.....>...........\... ...`....... ..............................N.....@.................................t\..W....`..H............H..H(........................................................... ............... ..H............text....<... ...>.................. ..`.rsrc...H....`.......@..............@..@.reloc...............F..............@..B.................\......H........W............... ..#7..P ....................................../..y)y.#..P.C@E.d.S.`l.O.F.L.......'f./.CfC..[r.%.}..#T......._YyS.CG.0E..o.J.....:y..wt......Y....[E./[pP:cp..$(h_2..+5..k.7.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..+.i.]...z.)....#..$#.L3..q.{.i~b.N`..D..........3.o.)...;............z..p[.*1^..3..4:...+...VV.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\FmaCommonEnvTests.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34888
                                                                                                                                                                                                                        Entropy (8bit):6.0300706565897935
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:TWnatRthssr/6KrbC0+yb4bQQQ0qnb9skOSJQuY9cpgtVjIYiArevFAM+o/8E9Vi:GoRtiUD+ybbDnKegtVMYiRvFAMxkE2
                                                                                                                                                                                                                        MD5:B41DD06A70C0799D1F76C75168376CB6
                                                                                                                                                                                                                        SHA1:BA29028B583B67AD2E3F8964FC31F289C5EAB59C
                                                                                                                                                                                                                        SHA-256:AA85C1AA92FD437053C3C5848825A23C6F4E3ECC822EF5B96568F151BCB1B891
                                                                                                                                                                                                                        SHA-512:F45F36093AFFE2BC834F4564CC61AD9C37E2642F64C667283A4F4101B913C62B3E3C329B9FEA601EB299C99FBE5BF35F0A7D0405EF5399F4AA1D462BEB27CCDB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V..........." ..0..V...........t... ........... ....................................@..................................t..O.......0............`..H(...........t............................................... ............... ..H............text....U... ...V.................. ..`.rsrc...0............X..............@..@.reloc...............^..............@..B.................t......H.......P ..$...........t%...N...t......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...A./...^./...../...*./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.9...;.9...C.K...K.q.......).L.........................................z.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\FmaConfigLoggingClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15944
                                                                                                                                                                                                                        Entropy (8bit):6.788227212810207
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:2IplXlavuqoAwqIYiYF8tgreRZcRtAA5K+o/y2sE9jBF0Ny8apOG:Xl1ioAwqIYiArevlAM+o/8E9VF0Ny30G
                                                                                                                                                                                                                        MD5:685E32EDAF7E48B807347D8441B3A99D
                                                                                                                                                                                                                        SHA1:173E0F23C470147FB5A8F8E5059EEE022C0DA38A
                                                                                                                                                                                                                        SHA-256:4975EC439A26FD4A077EAB3D41A8B56584F8BD79F1CEF356021A594A95943B2E
                                                                                                                                                                                                                        SHA-512:1EB26EBFD0575C099AE1A3393031A37F85308264BC634092F1A6D398F8B34D4A3B5F8CBF934C63525A2A8C45DFBC6E012819C93D0CD12DA9C33796E2E8163C6C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5%............" ..0..............*... ...@....... ....................................@.................................H*..O....@..T...............H(...`......,*............................................... ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B................|*......H.......P ..4............%..(....)......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3.................................................._....._.....L...........4.....4...A.4...^.4.....4...*.4.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.9...;.9...C.K...K.q.......).L...........................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\GpAnalyzer.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.738452930017228
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JCx5geVIWVBIYiArevn9jTgAM+o/8E9VF0NyR9Tz:yO2IWVWYiRv9fgAMxkE5Tz
                                                                                                                                                                                                                        MD5:D8763CEE5E73783E67C9F8C1D310CEB8
                                                                                                                                                                                                                        SHA1:3AAD63B0164564A845B125DA89B5A0A187766FCE
                                                                                                                                                                                                                        SHA-256:636D7C9D8B9EB7BE254E8633F10286294156AD931A6BF55BDB030F030B577483
                                                                                                                                                                                                                        SHA-512:39BAA9C2492FEF56C07E4E78D0D2A4F511C134E38883A38BDDDEB0DEF7E522EC59BEE33B651704BC0BB8806DD181698E7E15C1AAE1FBDBA7A4E613BEFF6C0295
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!................./... ...@....... ..............................GO....@.....................................K....@..................H(...`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H........*..H............ ......P ........................................@.A].x.g..Jz.7.*......6?Z.2.U.r.n.I..bx.E58.>+..*...^t!...p\.\"..45.05J.5...6......m..^.._.U.N....h..`..2KS......C =.y................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP..a..!.*L=.u...V%;..Bb...t.U>E......=.Q.g....s...@Y..r.....3...a...o..B.e...(.b.`...B...D....%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\GpDocument.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.880168671136118
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:XBP64MinIYiArevjAM+o/8E9VF0NyOo0Vf:XF64MiIYiRvjAMxkE2Vf
                                                                                                                                                                                                                        MD5:49FF4E44C1381BBB4DA3E55BF1FB023B
                                                                                                                                                                                                                        SHA1:1DD70038785022835E73C28FD6CBDC986A117B6E
                                                                                                                                                                                                                        SHA-256:7B307E5FD8DECC1CD050DEA5F8E480CC1C15A406705F9D928406383DA34A8EAD
                                                                                                                                                                                                                        SHA-512:627F79B1E0A611B5EF51750C82B941E239C6784BD9FF652043F17945FD81040F42B12A0341D0957CBD0F00ED321D5DCB972BDBF3C7ED2262C9630E5B3805B74E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z!..........." ..0..............'... ...@....... ....................................@.................................T'..O....@..................H(...`......8'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ..............X%..`....&......................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................S.....S.....@...........(.....(...A.(...^.(.....(...*.(.................:.....:.....:...).:...1.:...9.:...A.:...I.:...Q.:.......................#.....+.....3.9...;.9...C.K...K.q.......).L.........................................s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\GpfxSettings.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):611912
                                                                                                                                                                                                                        Entropy (8bit):5.181785163662587
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:tmJIioIuooys5MNBo0zxMYylZ3HHVRdAAO7jTlbYNxgwIA0nJWs4LFQll:M7BnEVRdAAORYNxDZ0nJ2FUl
                                                                                                                                                                                                                        MD5:79D1186BFB1FDC34A60B60F9A2F9D6CA
                                                                                                                                                                                                                        SHA1:5723C9356AB0C3B8CE844A1764B733B62DE0A304
                                                                                                                                                                                                                        SHA-256:A2F805720732C2884C8A383AEEAB0F276A7F1963ECCB72498A764CF52114BDD3
                                                                                                                                                                                                                        SHA-512:1B173D8BDD1697A543B4851D1A3DCCA1F3D76FDF5F57FA986A0AA2B6E972E0E073F0184DF35A3CFBEA4E5B4DC189E0A35A8AF1C2E51918D2E058BA2B75431FD6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.....$...........C... ...`....... ..............................9.....@.................................\C..O....`..................H(........................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H........;..T............ ..8...P ......................................,x...o......1.....=..8.l.Q.F?lL....Ip...N=..O.."....$....rm....M.........B.h._...3...`.4.._.......D.O'GY...}.$x....Qm.3..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.x..`.H..n......L....x......j.....1X1..YZ..x.......&-.....x!..a\.....*.$.R.*..hi..^..........S.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Edm.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):68472
                                                                                                                                                                                                                        Entropy (8bit):5.3700197693150304
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:Z1sWVHnziAjt8QnnaDbugb0sNdEnmGGzBvK:Z1bHnziAjt8QnnaDbugg0dUry4
                                                                                                                                                                                                                        MD5:52D9659654764EE03AFBA7C0C234EEF2
                                                                                                                                                                                                                        SHA1:7C6E0F61F98A6E6FF28BD6A092C453827896DB56
                                                                                                                                                                                                                        SHA-256:78938FCC9882DB102E7A6308D67131907BA4C02F9CAC331A3B8EA3A83C571E87
                                                                                                                                                                                                                        SHA-512:82A5716432B8E0E0F2F2B3D388769B073E33A4AA970E3C758B7F4E72FADBFBA70B1C73B51C2768665992ED4771135A625C5B567AD08CFA8AC4D916C4723267C1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G8`...........!................~.... ........@.. .......................@............@.................................,...O.......@...............x#... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...@...........................@..@.reloc....... ......................@..B................`.......H.......4...............P ..a...........................................]..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..X.b.Y.Cym.n....;............s....^............Q.......3..F......Eq....3.. =.><N.@nT...%..=......z......i.F..A.|xZ...[.?>..n0..]>W..;..Y..MF.t.....h.u.i.lK=.E......J.......7..|...@.."L.c....H.....b...[G/.....I..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.OData.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):285048
                                                                                                                                                                                                                        Entropy (8bit):5.057380535679937
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:yV1BdIRIsotLuUNRSSEpQdAg4gIwwi926Wync1C4MXRfe67tFxz+mt9kusN:u3jxEVB7wT5+mt9S
                                                                                                                                                                                                                        MD5:2020094682657E135251955F238654AE
                                                                                                                                                                                                                        SHA1:77ABAE58ABC5A8D8A37F67A0FF962B28EFBFA850
                                                                                                                                                                                                                        SHA-256:5CEA0137FCE5638718F58A5061388669A13EFD0E0C753A9309F6F5D43ECAE8B9
                                                                                                                                                                                                                        SHA-512:41BD75DB5524D1E072A8FF5490B8D3122383BF09D3C018471B322E8BC919B18192CAE6D7FA5F5E312E4DB9B201D5244160B5981D624A3D4A3636DB7C53C24A8E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._@9`...........!.....,...........J... ...`....@.. ...............................+....@..................................I..O....`..P............6..x#........................................................... ............... ..H............text...$*... ...,.................. ..`.rsrc...P....`......................@..@.reloc...............4..............@..B.................J......H........G..............P ...&..JG.......................................&.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....!,..........R....!`......u.!...nI..iEs..K.".o.#....4.....8...Q.'....._~....&.Y.e.+.s..|{.........:"..O.(.5...E.am..C.M...Ve......"..8]..l....m.......|...........|..S.(..yx.*.......r]..{......_Ul......^..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.Services.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):67472
                                                                                                                                                                                                                        Entropy (8bit):5.475157935889382
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:dqFRmg9g9Rgacs+glXLljA2qzu5yy1UDDv3jGW:kF9g9Rgk7ljpqzurUPvz
                                                                                                                                                                                                                        MD5:C81168A83C2BFB34FB91168B1EE05BE4
                                                                                                                                                                                                                        SHA1:000BE0618B5E7A46A2C50F596CBBBD4FD02CCC4C
                                                                                                                                                                                                                        SHA-256:12071610A1E3755BAFEE357C445B0D15CE0792F9B097AC3E9EBABF75EFDF83EC
                                                                                                                                                                                                                        SHA-512:CC15448831FEDEBBE470BC6BFC771C8558E7CA465B4E9325E8BB9D9410FB9E1A0CF93F2C394BCE935B0D8651FAA307F706ECAEA55A96B2AC23CF3822A4D1B1C9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...QA9`...........!..................... ........@.. .......................@............@.....................................W........................#... ....................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......................P ......,......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..j....?r..%.....A..K.....z..0Y...../...rB.+|.7i.......P.p.J.z|...........=..r...n...D......1BE..~......s..2E......H..@+.~.p.//...)...qu.....Fa..;..2u...!.....x+j.........#..:P.\AX...........T.W.......jh...\..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):264720
                                                                                                                                                                                                                        Entropy (8bit):5.3253723330984934
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:RWeuR+YJQoWOx0wgkgEu2wE5cekcUVSisR+0gvg3UMQwCxmn+ISLS4BcUVkSyl7H:geQb0wgkgEu2wE5cekcUVSisR+0gvg31
                                                                                                                                                                                                                        MD5:670E2D95D861A0215D916EBA398B28F8
                                                                                                                                                                                                                        SHA1:53193CBBC3B2EA79855BC09D1FEED4DB6ADEEC18
                                                                                                                                                                                                                        SHA-256:9A48EBC765B3E73792896B30A5262F522ED211480242AD3B8813865816D56957
                                                                                                                                                                                                                        SHA-512:04EFF4104EA31957E9510AC594EC0A90EAF2E23193CE0B08062DCFDA6D95F44803F3CEEE33474EF9E0B884865E01045C746CB669DD5270FD665B2FE87579966E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:..e...........!..................... ........... .......................@............@.................................<...O........................(... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................p.......H...........x............ ......P ......................................D...A.k..;.....A.3]YE....x..O-....l0..U...6....;wch.||.q.I.6.Q........7y..:=.....[.,.... ....^.TT.6=..m.....5s....Rs.UB..=.3...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):63920
                                                                                                                                                                                                                        Entropy (8bit):5.717263407400139
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:zJIF4rC0uVMD+HxEF9w2lWsCjPLDatO+7BVaOvFlNStJjkcFLYhz8:dISr1uVMD+HGF0ojNaFEhY
                                                                                                                                                                                                                        MD5:5C3EC88CFEBDAC5B9BB15C5270F174F0
                                                                                                                                                                                                                        SHA1:DE9E5647FD5BC5B67658C838EC35834E93395B50
                                                                                                                                                                                                                        SHA-256:AF906E93C6C7AA38EE143E1979D535E4167A6BD8A7019817E488DC0934ED916D
                                                                                                                                                                                                                        SHA-512:85A3E615D3958194D004CC8A6BD2B240346D20E7CED4326938BE3F9AF7A778830C9B9A8CB39F4BD17DC664DF97DD8D2E834ECD28D2F4BE828DC041B7F8CB2CA2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s.od...........!................>.... ........@.. .......................@......a.....@.....................................W........................'... ....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................ .......H...........<...........P ......(......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17784
                                                                                                                                                                                                                        Entropy (8bit):6.419716197028772
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Zxi1PdTo6e5C/TrItfDxSSvWhh2MWm4aabeq1FR9zpdc:ZCa5imVSyfz91X9zY
                                                                                                                                                                                                                        MD5:5E47B58927A7E945911FA86F67C58695
                                                                                                                                                                                                                        SHA1:AB5048327EF525549CD02EE0542E8B51FA03BEC3
                                                                                                                                                                                                                        SHA-256:226D782F3A366C28AD778CB28BEF9DF486317F982CBC10A57D4CF7288F41D41A
                                                                                                                                                                                                                        SHA-512:081E4FFB20514BBCFB86550BB41E53CA7DB66548B5EB204EAD4B3D5A14352275E030ACFD3A050B805DADD21D7A00701857190428A11973B88A4089AD3EC1685A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z..d...........!.................2... ...@....@.. ..............................|.....@..................................2..S....@............... ..x%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......\0..,...........P ......./.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14256
                                                                                                                                                                                                                        Entropy (8bit):6.734647019754734
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:BcV3GLiq8xD1W0UZ8WWWGxVA6VWQ4yWMH+BEg7X01k9z3ABKW:Bc8+qqRW0UZ8WixdGR9zeKW
                                                                                                                                                                                                                        MD5:A442F686CDEBA9B432DADCE9AB024727
                                                                                                                                                                                                                        SHA1:0E81FA6D167F4088A0DA3BF518899583B0B6A14F
                                                                                                                                                                                                                        SHA-256:F5D5BC4807C4E80DE2D7EC952A8DEC3B1D6CB7BD327415BF5D412A1CB91BC4B7
                                                                                                                                                                                                                        SHA-512:2CCC2A17496C4A85925522AD513FAD991141DB4B22923693CB56DE3B7F8EA68D16E3D2239E53489ED08F6E997818DEF89C9081789DAFEE8048D4AF7BBBC39AFD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................'... ...@....@.. ...................................@..................................'..K....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H........%..............P .......%.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.....(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.Q... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\de\System.Spatial.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19832
                                                                                                                                                                                                                        Entropy (8bit):6.312670851872272
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:2X7cvo8DVnoMxRpMMzrWS4smWoD/HRN7WNe3LlkQdSWR:y7gnoMxXtgDvdR
                                                                                                                                                                                                                        MD5:DFDCA927AAB44D8C92791E521F4DC020
                                                                                                                                                                                                                        SHA1:6C42C592C87BD285C8016CB9B213C6C4D35CE97D
                                                                                                                                                                                                                        SHA-256:074F4E5C44313511E18EB6CF8F23DDF2DF8AA86F49C83AD9508C293EB66C13B6
                                                                                                                                                                                                                        SHA-512:D6492FCF2F0567ACB1E9D2C59C993FC09CB0D08489594209C475DE232E4A0BA6132707A86AEEB2ABE6F9B56FE5CC8D46052202781C43D708FE697FA7B2A5DF8D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!..... ...........?... ...@....@.. ....................................@.................................x?..S....@.. ............*..x#...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc... ....@......."..............@..@.reloc.......`.......(..............@..B.................?......H........=..............P .......=.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADP4....~.U.$.g....>...j.......N..!...F+.-.`..}......v.".|.J8.........Rg.......5..1...-.J........L....-?..e.!Z.>&.:^(GdN)..2/.i.A.hsL..zL...V...Z.!I_..za..km.n.t5..v...|....................................6...w.......C.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\BrokerServiceSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.900553228791086
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:TlXEwUcNgIYiArevDAM+o/8E9VF0Ny26ge:FdUcNpYiRvDAMxkEoe
                                                                                                                                                                                                                        MD5:4B1EF7A0553A2EACBFCC5706D086AD38
                                                                                                                                                                                                                        SHA1:9ACD4AEB4C51E7E58B02E796A9115B55845B3C9A
                                                                                                                                                                                                                        SHA-256:2C1853462A5C390C7F7C80825156C006FF17FEA90FB48617D4E2D210885956F8
                                                                                                                                                                                                                        SHA-512:9D0D53924C03F026E6586D1CCB61ABD4F373DF272007DC2284BF4DA11D8B901E28641B23A703587975168E5C9DBD4ADABAECA86F9D6C703AAE75F287A71B5BB3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.................'... ...@....... ..............................t.....@.................................h'..S....@..H...............H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B.................'......H........"............... ......P ........................................I]......>h+.....>Se.<P...jB.........#..C.f.)...a@.._.;....k....e.#..y....8...ZBz0...0_q/.5_5x%[..f.+!).{f.h3..y._.9.....................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.4S".4.XC.......T...>L.i.c.e.n.s.i.n.g.E.n.v.i.r.o.n.m.e.n.t.U.n.s.u.p.p.o.r.t.e.d.....HL.i.c.e.n.s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Citrix.Base.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11760
                                                                                                                                                                                                                        Entropy (8bit):6.469765244073703
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:TdlqhanylYWvUkZbJpbeIDWpHJH476IUiwO1q86ENfkMIZH/GTO:qoAYWvUkZbJpbeIDGR8wO1qUNcMIh/mO
                                                                                                                                                                                                                        MD5:DE7ACDA87B17BE81A5C6930C6F360564
                                                                                                                                                                                                                        SHA1:070634D785FE0949401BB6A8D4F524C41C0168F1
                                                                                                                                                                                                                        SHA-256:6D938CFE229BA2BECC626D57F336E75C77EDC54E8338552C48DFE56E10F1E8AD
                                                                                                                                                                                                                        SHA-512:86CAD9E9F56EC4FD47C8BAE10D7186199F37D1A8C3D86B4CB3DB19C2A0FE5F88733B428F709AE10A8E35F0F1821E5922E35052F05A9C2ECD4CDF8AE81B4CAC4A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............J)... ...@....... ..............................WU....@..................................(..O....@.......................`.......(............................................... ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................,)......H.......P ..............L%......\(......................................BSJB............v4.0.30319......l...0...#~..........#Strings....\.......#US.`.......#GUID...p.......#Blob......................3..................................................Q.....Q.....>...........&.....&...>.&...[.&.....&...'.&.................8.....8.....8...).8...1.8...9.8...A.8...I.8...Q.8.......................#.....+.....3.H...;.X...C.c...K.x...................q.................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.Core.Api.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14240
                                                                                                                                                                                                                        Entropy (8bit):6.396896142453108
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:MskWTHAALFytm0rqUUZkJ11IYiYF80ag/5Y7OEtELLgGgzBENfkMIZHy:7LAuorqUUZkJ11IYiOjB5kGLNcMIhy
                                                                                                                                                                                                                        MD5:07D2BD6609DC9A23302A452337C723F3
                                                                                                                                                                                                                        SHA1:D33D96D1AD106D7B3BA4E1CCBB569A3F152AC588
                                                                                                                                                                                                                        SHA-256:42E0D9E85BCF9689B41F5DB690D7C3C65ED6C8F33236577E0C8D1AE9EF58FBC9
                                                                                                                                                                                                                        SHA-512:233F3566AAEAD78249D93752473B5706F489AB672666AF6D34414801EF345C3B19DD3ADFABC98F751DADE2DD3780550380418A0AAC7DD6A7F2575B943141C7AD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ic...........!.................+... ...@....... ....................................@..................................+..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........'............... ..;...P ..........................................|.=../.lw(....Q.k.r...%&.pi =.g....$.T..8TJ..E.n.41n.Oc.......4.nw.eS...?.s9..}.u.:G..#$.*..1...p..."%1....N...?..t..7..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP6...k...V.....x.o.7....R.hg..z.&.H...W.J...<3...L.......q...................L...#.......u...*...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13216
                                                                                                                                                                                                                        Entropy (8bit):6.537941406723455
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:RLE2XFSproHhJMhIYiYF80ag/5Y7OEtELLIGJWENfkMIZHD:RLEQFuroHhJMhIYiOjB58CNcMIh
                                                                                                                                                                                                                        MD5:908ABD49A8F297029D89A377EBE563DD
                                                                                                                                                                                                                        SHA1:0CDCDC5B44B6A1D4C7E0F443D7C9CBF77AC281E4
                                                                                                                                                                                                                        SHA-256:26DCA64EBE6DBF7DB2D5AEB77207CB8AD4A18A1ECDBC747DEB2BC3ED6AB16923
                                                                                                                                                                                                                        SHA-512:F7AFD44714BC51C5DBAB4C395EE5CFC0351ACFDC24D07556A19CF60A324AAD8357ED7AA63A231E22E75C25B02A56FC7A355C07C87109F073C9594F4C6B56459C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d...........!.................(... ...@....... ............................... ....@.................................|(..O....@..P....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......|#............... ......P ........................................l.].._?C.w.....,\_..:......G......IL.j....4}.....j..~g...X|nh.-/F.!'..Ya..'.f*...?..W.I.%|.k]9.."....'..=.-...T..@..Zo.}}................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP]...1..FX.b....V...).......$F.u.t.u.r.e.D.a.t.e.R.e.q.u.i.r.e.d.....(I.n.v.a.l.i.d.C.w.s.A.u.t.h.F.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Citrix.IconConverter.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.777951529942677
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:nxlWz41/G+6E6cJaeIYiArevlOVRAM+o/8E9VF0NyqyOm:xlWs1O+6E6cJazYiRvlOVRAMxkEPB
                                                                                                                                                                                                                        MD5:B03EE1780D04EC364E902FBE47C4B977
                                                                                                                                                                                                                        SHA1:77B3C367507C0E805DFF478CBB654134B3EEF108
                                                                                                                                                                                                                        SHA-256:9732D80C757912633FD0F61C134E55EB5E345D48D8E7E01958AF8F47EDD30F0A
                                                                                                                                                                                                                        SHA-512:0EAE0DEAF9BADA772CEAA54C7A2FE404477CB47989C74B71171F58163DBC29D87E006A31686070FD488C7FF352EC054B7B55517236143025CAA741F5A93EB304
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z.f...........!.................,... ...@....... ...................................@..................................,..W....@..................H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........(..|............ ..7...P ........................................ d.S1...:.Z..c.5..Y.....n.3.V........y....pE./.*0.?...FW.....2...c...."....P.....`CB.Ss0...S^.M:.O..xRX>......e3..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.......AW......?I...G.g..:`...~.8..!d.#A..#..\)7).5.3.S...y`...i.......B...........7...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\ConfigLoggingSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):29256
                                                                                                                                                                                                                        Entropy (8bit):6.143414669605578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:hnEy3fuSsixyTUUAMW6fohFUciKYiRvxAMxkEpGP:hEy3fuSsixygUAMW6aHj7NZxi
                                                                                                                                                                                                                        MD5:F06A9B7EDD313096561D386EDFD926EA
                                                                                                                                                                                                                        SHA1:313C6E67A87FA6B10E37F4350E60AE11A0DF33A2
                                                                                                                                                                                                                        SHA-256:590A79043A8694534499899DFA079FEB75753BF9BB08E663BA9103AEFE549CB9
                                                                                                                                                                                                                        SHA-512:130837667617C10922218D348C74EF4702C9467D186F8B8814723ACE9ACB582340E8177A702AAA833F3FFD7CDBF52851773F8DF10C9FB0D2F541AC736F596942
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._.f...........!.....@..........~^... ...`....... ..............................L.....@.................................0^..K....`..H............J..H(........................................................... ............... ..H............text....>... ...@.................. ..`.rsrc...H....`.......B..............@..@.reloc...............H..............@..B................`^......H........Y............... ...8..P ........................................U..3t...L...rG@...C.5.8.b..2..}.&V...5v.G.......6[...X.!dU..,c}.....W.....A...f.L.~.d.&............2.#>.h..p...4..3d.[.8.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..+.i.]...z.)....#..$#.L3..q.{.i~b.N`..D..........3.o.)...;............z..p[.*1^..3..4:...+...VV.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\FmaCommonEnvTests.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34888
                                                                                                                                                                                                                        Entropy (8bit):5.980365190600355
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:DeWna0HzPikoc1QUwf+SMTGJxxYoH9E0FigtVZIYiArevJaAM+o/8E9VF0Nyr6:Dbpz6A9ocTQNH9E08gtVOYiRv8AMxkEg
                                                                                                                                                                                                                        MD5:6619ED1EBB6FB8F9D4BCF2888F339315
                                                                                                                                                                                                                        SHA1:042CB31E66799EACBD37574E5F562D05A3AEA161
                                                                                                                                                                                                                        SHA-256:C480A46B991793E35AFB314C9DA71A5FED77052EE78A3123A54B2AFE0E29064E
                                                                                                                                                                                                                        SHA-512:C2E611294DAE02D0083C9838B03989E52947A802211EFDFBF7C37A8C1AFDA127B154777A66D606DB1F0FBB0924F48137313949BFE3A3E4D7D7F8A27430D7A55D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[P............" ..0..V..........6u... ........... ..............................".....@..................................t..O.......0............`..H(...........t............................................... ............... ..H............text...<U... ...V.................. ..`.rsrc...0............X..............@..@.reloc...............^..............@..B.................u......H.......P .. ...........p%...N..Ht......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................W.....W.....D...........,.....,...>.,...[.,.....,...'.,.................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>.......................#.....+.....3.9...;.9...C.K...K.q.......).L.........................................w.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\FmaConfigLoggingClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15944
                                                                                                                                                                                                                        Entropy (8bit):6.773979228408259
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:l1+/JoAwKIYiArevcAM+o/8E9VF0NyLvOa2/:aoAw3YiRvcAMxkEVm
                                                                                                                                                                                                                        MD5:4B0D1DD3FF78BE308F26C123BE6290BF
                                                                                                                                                                                                                        SHA1:B3DCD91A6F39228DB73EB325B4FF19A5FCAA5C88
                                                                                                                                                                                                                        SHA-256:6D6956AC576E7672ECC7FF4070A5AF2ADC0BEC1BCB6884A1B9C24DEFC38E7FD1
                                                                                                                                                                                                                        SHA-512:1DE70CC9070585DB9EF0E1E9314C6344F1841E6DF6B0A29EFBAB9018C434EFAA92FDA3E6F30134F69530F8BC0D2B0434CC91E9047011A2464EC9C8953F89F0A2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............j*... ...@....... ...............................O....@..................................*..O....@..T...............H(...`.......)............................................... ............... ..H............text...p.... ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B................L*......H.......P ..4............%......|)......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................\.....\.....I...........1.....1...>.1...[.1.....1...'.1.................C.....C.....C...).C...1.C...9.C...A.C...I.C...Q.C.......................#.....+.....3.9...;.9...C.K...K.q.......).L.........................................|.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\GpAnalyzer.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.727640346798771
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:UL76NXy4IziByIWVoIYiYF8tgreRZcG889A5K+o/y2sE9jBF0NyDeaSW:UCweQIWVoIYiArevnAM+o/8E9VF0NylN
                                                                                                                                                                                                                        MD5:E5CC86B8C78534CC21FA502BEC3514AC
                                                                                                                                                                                                                        SHA1:D8739F5EA43F3D172F64B1ECF0153DBAC13C98AE
                                                                                                                                                                                                                        SHA-256:3DA02BF034584838C4E6BC9B87609B62FA731847FAE1D51144A26AC8CBEDF5CB
                                                                                                                                                                                                                        SHA-512:1EBAEB3E6E82C78E2705A079F31F65A070003ECDFD58272938CD91D108E781B8884322056FC7DDB39BF66F542E15855356210B3EA5DDD3BA9445F16FFAAFEC42
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!................./... ...@....... ...............................1....@.....................................S....@..................H(...`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H........*..H............ ......P ..........................................5as#...T7Bw..v..)T..{=.......9i.s...(B............'._.R\....Bh..0u.f..0.......3|'.a.g.i...G..n...o) xM...+.FvX;..pX..7$]...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP..a..!.*L=.u...V%;..Bb...t.U>E......=.Q.g....s...@Y..r.....3...a...o..B.e...(.b.`...B...D....%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\GpDocument.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.883204423556793
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:rP+U4Mi9IYiYF8tgreRZcowNw68A5K+o/y2sE9jBF0NyWra7H:jV4Mi9IYiArevUw5AM+o/8E9VF0NyZr
                                                                                                                                                                                                                        MD5:C6F213C3A21AD49A2F606CD80AC161B9
                                                                                                                                                                                                                        SHA1:62AB4F75A766B85C18A1ADD03E47D72B5559FE4F
                                                                                                                                                                                                                        SHA-256:F05089002AB2941F30C58EBDA01604D9A7A06D8CA402B464DA0E44B2D9483572
                                                                                                                                                                                                                        SHA-512:5050013B5CBB38BA9C3CA0AA8E43F529CC3A219D9AE0CA29A7DC7F23641D1BE6AEBCC074A9CF2BEF01370177CA166E688B188AAB38431EAEDB0403C7E98A9F36
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G............" ..0..............'... ...@....... ...................................@.................................P'..O....@..................H(...`......4'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ..............T%..`....&......................................BSJB............v4.0.30319......l...0...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................................P.....P.....=...........%.....%...>.%...[.%.....%...'.%.................7.....7.....7...).7...1.7...9.7...A.7...I.7...Q.7.......................#.....+.....3.9...;.9...C.K...K.q.......).L.........................................p.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\GpfxSettings.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):623688
                                                                                                                                                                                                                        Entropy (8bit):5.064740607771034
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:locnVfBfLhbpK/IjYEx9qjxQ9raT1AvsX+ZywoFIow9h6VlCipS5DYC:BF9qjmraT1AvsX+ZywxP6jCv5sC
                                                                                                                                                                                                                        MD5:34E3383FD05D2BE3928AA81A968B5600
                                                                                                                                                                                                                        SHA1:78EB6469E6659B46AF704FC86E183ABA6C720BAF
                                                                                                                                                                                                                        SHA-256:EABB6A932F702B7EB1E17550CED712061AFDDBF0C3F6F9F5ED857A94C0D67586
                                                                                                                                                                                                                        SHA-512:27F9E1D7F20FF1CF4D34694FA35BE9EF9E236C739CF15C5F1D2B7849AAFFC98600D35EAB3C952B60831B44985A0F5E9CE72FECDCFD4CCE66D5317C59F4C03E58
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.....R...........p... ........... ...................................@..................................p..W....................\..H(........................................................... ............... ..H............text....P... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B.................p......H.......@h..T............ ..oG..P ......................................$..;.=c...&j'.........t.[;..LV..R.q.]~3s....8" ..*..g..i*/......'......N@..$....B.*3CZ...w.........k.D.5.../.... a.+...... ..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.x..`.H..n......L....x......j.....1X1..YZ..x.......&-.....x!..a\.....*.$.R.*..hi..^..........S.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Edm.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):67960
                                                                                                                                                                                                                        Entropy (8bit):5.256372038267469
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:FqWvAZa9UJnS3PSqYMMTFTQTftD0oJwI81umV532TIxvLEf:FsZa9UJnS3PSqYMMTFTi2yf
                                                                                                                                                                                                                        MD5:CCBFF940F96ED5761F7AE1ECCD9FDBB5
                                                                                                                                                                                                                        SHA1:3D3F75C04D2996813ABF4F9D71B4C789D2215F26
                                                                                                                                                                                                                        SHA-256:A090ECFD4E60052CB57E1F839A071400A5D8FB2ABA7EEA8432083992F430B201
                                                                                                                                                                                                                        SHA-512:B5D3D579035B64B73B279EC61D5DED672628CA30A0C1716BBDC45466507D7FA5BF056F1FD9A937F7DEF169D159241039E1EB227F2340A948720E6151E90E95C0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G8`...........!................n.... ........@.. .......................@......B.....@.....................................S.......P...............x#... ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...P...........................@..@.reloc....... ......................@..B................P.......H....... ...............P ..M...........................................I..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..X.b.Y.Cym.n....;............s....^............Q.......3..F......Eq....3.. =.><N.@nT...%..=......z......i.F..A.|xZ...[.?>..n0..]>W..;..Y..MF.t.....h.u.i.lK=.E......J.......7..|...@.."L.c....H.....b...[G/.....I..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.OData.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):279928
                                                                                                                                                                                                                        Entropy (8bit):4.947612790986534
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:SuVsqsRxyGeud6+B+dvNWb3xvVQxyIU5FdsxYznAV4lv130P:IPcYznAb
                                                                                                                                                                                                                        MD5:6069F5603B2E397E44229CC1F4E9975A
                                                                                                                                                                                                                        SHA1:F4BBD183F6054D7B5EB762F086A7B4FF3DFA39BD
                                                                                                                                                                                                                        SHA-256:9283517B5FDA1B6839F91AB1981E59F15C3D6E54CBDF551B0F044354CA7D8B19
                                                                                                                                                                                                                        SHA-512:393C2A545389A0479DCD80225C0386C996EA1E36CDF801217456E0C265B2B9A4AB803B41AC61D70B27185F5D75E619BABF363A5DDBB7F08BA5130774E3D979F2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d@9`...........!.................7... ...@....@.. ....................................@..................................6..K....@..`............"..x#...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`....... ..............@..B.................6......H........4..............P ......=4.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....!,..........R....!`......u.!...nI..iEs..K.".o.#....4.....8...Q.'....._~....&.Y.e.+.s..|{.........:"..O.(.5...E.am..C.M...Ve......"..8]..l....m.......|...........|..S.(..yx.*.......r]..{......_Ul......^..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.Services.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64888
                                                                                                                                                                                                                        Entropy (8bit):5.391379473025381
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:6lUKWvmWVx7RjlO3V/73DRPc3gXDOf0v5:+UdvxN8s8
                                                                                                                                                                                                                        MD5:4BCC98CDB2AE9965621C1B275F5F3044
                                                                                                                                                                                                                        SHA1:912E7B811FDC9F868CA81ACECE0253FFE9C31AF2
                                                                                                                                                                                                                        SHA-256:377A7FADB9B1CC98430775426280311F10B891C49C705D8459A0589C6B8B1C71
                                                                                                                                                                                                                        SHA-512:2AE9B7B600DCF3691082006345E449CB32AA9FBC5D0C82EADAF4F00FFCBE4B510A40C0B5A22374515A408D74626D5860B8344E772F17EBD4EA47BAAF97823735
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...TA9`...........!..................... ........@.. .......................@.......0....@.....................................O.......................x#... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......................P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..j....?r..%.....A..K.....z..0Y...../...rB.+|.7i.......P.p.J.z|...........=..r...n...D......1BE..~......s..2E......H..@+.~.p.//...)...qu.....Fa..;..2u...!.....x+j.........#..:P.\AX...........T.W.......jh...\..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):256648
                                                                                                                                                                                                                        Entropy (8bit):5.213278815156027
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:3WeuRols8zNZDFxGgvgfQWe9LYhCVEDWdqMtUgjRXJn1RDHquN4j+sy/wIa0SD:mefvxGgvgfQWe9LYhCVEDWdqMtUgjRX2
                                                                                                                                                                                                                        MD5:33627A6DF5B71B7B4A7929ECC5BA54A3
                                                                                                                                                                                                                        SHA1:BDD5CD467C2BC1ACD02B90DD864FC819BBAC5B9C
                                                                                                                                                                                                                        SHA-256:16760CDEE7118219647F6BCC0F3545546F8DC373E5AB4CCB2930F538DE279E3A
                                                                                                                                                                                                                        SHA-512:0F1E7160296424CCD61886CFE404D32EF3F7A7627D4FB2AFEB2C0D645DC4E1D567C95787902BD70C3724C7B040F050030F794C4C4B3D6E57540DC5BF902317EB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:..e...........!................~.... ........... ....................... ............@.................................$...W........................(........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H...........x............ .....P .......................................dx.j...rj.}..%E..IK././.....^.A..f.`>.C9..#A.w[....a.Z......=.?..Q3.q..6.=z.T[.'P.......rg.........k...sg.o..-..<HpRwh..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):62896
                                                                                                                                                                                                                        Entropy (8bit):5.645789594189441
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:aL+IqDb5TPkFYEC3RQvAT1UfZ6EqheguKLhLhza:W+IqDb5TPkFYECBEA5A6EqhetKZhm
                                                                                                                                                                                                                        MD5:8672C65071C25539387C2A2EBA2C334C
                                                                                                                                                                                                                        SHA1:4DED9289B2A273355A7DF7C6E99A949A26810B08
                                                                                                                                                                                                                        SHA-256:08707E824C1BEDA856963B2FADB9DF69459BEDD1FE46B0FCEFC13D2440DCB7D4
                                                                                                                                                                                                                        SHA-512:098B2D1BA5679DB423BE0211E548897473992F739E198EC37A7C29CD47C7C7B69FDB113CFE3B09847E8EB037A1CEEC7F0DD64B3A6C99B9662312DCDF0465AB03
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t.od...........!..................... ........@.. .......................@.......X....@.................................H...S........................'... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........<...........P ..:...........................................6..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17784
                                                                                                                                                                                                                        Entropy (8bit):6.370461529870903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:hVi1a3O+aRdYksghs27yWhRMWmhaabB5G7YDR9zt9dy6:h2xRdYksghZT6zDG7Yl9zFJ
                                                                                                                                                                                                                        MD5:CD394898D0750FA3AEDFF9FC0436F874
                                                                                                                                                                                                                        SHA1:7F43563A49E902B6DBD0D170917838C524A23892
                                                                                                                                                                                                                        SHA-256:3509E2706C602DAF32D265E2B5D3FB0C4C1553590D7F865C7C7EF1880451D06D
                                                                                                                                                                                                                        SHA-512:3DAE39F3109FD21D1340E60EA006BB05117AA504CC6FDD58851684D0A8EC166D7121ED8ADA819EDFD7C32DE69F69837D1DFBC29DE1E01B03AEE1585383E0970A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|..d...........!.................2... ...@....@.. ..............................e.....@..................................1..O....@............... ..x%...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H......../..,...........P ......./.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14712
                                                                                                                                                                                                                        Entropy (8bit):6.575843750543927
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:/7fcl7CQpnxdrW0N8WKAfWvkJ0f5AbVWQ4CWkSTo6gqzGslX01k9z3AefHEca+:/DcpCQpxdrW0N8WrraabvkGER9zjH8+
                                                                                                                                                                                                                        MD5:B3108D98B6FFF90811A2B0CA66510C62
                                                                                                                                                                                                                        SHA1:750CE56ACC1FAEB9A6A1A663C38C5BC94A6CDA88
                                                                                                                                                                                                                        SHA-256:DF0ECEDC7D52E4249AF3FD9D74C7E8EC5E56C6334042CFDCB7BCFDFB63CAB8FA
                                                                                                                                                                                                                        SHA-512:EF507A0A07A6330013C3A6DD9FEB23D302DFAE30D00429A8E6C8E2EFF23BA0A326EDBCE0E4684A88E61C2502A5627BFAF76B26F28C905E0A2EB41BB607E2BD39
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................(... ...@....@.. ....................................@..................................'..O....@..................x%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H........%..............P ......&%.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.+...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.O... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\es\System.Spatial.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19832
                                                                                                                                                                                                                        Entropy (8bit):6.238644154143018
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:xXK4aL2IpycdvlbA2sKbarWS8mWgD/HRN7WaQ3LlkQdSd60K:NxibrsKbboDv/NNK
                                                                                                                                                                                                                        MD5:11E78270FF1896BB2F810A445D9E69E1
                                                                                                                                                                                                                        SHA1:5BB9C25DF049EC940FDDAD9ED70396B6CEB9320F
                                                                                                                                                                                                                        SHA-256:2FB89C86F98F5599EA35CE1A60D05CAD08BD5926A280F0FF77F91F4782DC7E25
                                                                                                                                                                                                                        SHA-512:2F79697AABBA4ED127DF98A6F18B89E87DF3E8A08086DF4E2E34E6181903F726B18C60837D07962BEF0DFFD40146D68969827AB0ECD1C625602CBCFF9463A4DF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!..... ..........>?... ...@....@.. ..............................{.....@..................................>..S....@..0............*..x#...`....................................................... ............... ..H............text...D.... ... .................. ..`.rsrc...0....@......."..............@..@.reloc.......`.......(..............@..B................ ?......H........<..............P ..)...y<......................................%..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADP4....~.U.$.g....>...j.......N..!...F+.-.`..}......v.".|.J8.........Rg.......5..1...-.J........L....-?..e.!Z.>&.:^(GdN)..2/.i.A.hsL..zL...V...Z.!I_..za..km.n.t5..v...|....................................6...w.......C.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\BrokerServiceSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.907937095270841
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:bDhCv82UcNVIYiYF8tgreRZcFA5K+o/y2sE9jBF0NyaaDB:bDhE5UcNVIYiArevGAM+o/8E9VF0NyNl
                                                                                                                                                                                                                        MD5:99E642AE01AD6D2E7E2D49C7D2E253D1
                                                                                                                                                                                                                        SHA1:F52E6F865A7F7A17ED45B4C631111BF13F6C24AD
                                                                                                                                                                                                                        SHA-256:F50A208661A68C93ABC434BFCA13A3E02D6A6B4FCB4383BE86B67DC1B8449266
                                                                                                                                                                                                                        SHA-512:E57CD23B09482E1F6BDAF025BACC21587C385F74465EC22693FD6DBC7F65D2DFC130B5278015BA533026CE8B65724768659BFD72F1265157B0DC0025BD406BF6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.................'... ...@....... ....................................@..................................'..K....@..H...............H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B.................'......H........#............... ..=...P ........................................\......\7..DT.id..1i..6F7..o+..:...g."8..)....b:~.l...3..s.G..J.c.-.,E........(D...W.}.(...a.............q9..Y&.N...L!.9..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.4S".4.XC.......T...>L.i.c.e.n.s.i.n.g.E.n.v.i.r.o.n.m.e.n.t.U.n.s.u.p.p.o.r.t.e.d.....HL.i.c.e.n.s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Citrix.Base.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11760
                                                                                                                                                                                                                        Entropy (8bit):6.473966112099054
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:xlmlhV8qvUkZbJpnDWpHJH476IUDaubdENfkMIZHm:oQqvUkZbJpnDGRcfNcMIhm
                                                                                                                                                                                                                        MD5:EA0AF9540454252E9515588DBCEE85CB
                                                                                                                                                                                                                        SHA1:0EABD7110B71E14E08CFA702CFD2BE8B9075FA65
                                                                                                                                                                                                                        SHA-256:180A3F8FD8CA249C19068C66F3DADD47CC67E6E6AD1A9CC46AE7C19EFA98AEF9
                                                                                                                                                                                                                        SHA-512:C563FAC72ACD7CEAABDAA19B491CFEF32033B6518848591E7D59FC576114898249B87754880778815D0A1B408E236F452BD404110E321FCFCF6C1C5105E799A9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............N)... ...@....... ...............................+....@..................................(..O....@.......................`.......(............................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0)......H.......P ..............P%......`(......................................BSJB............v4.0.30319......l...0...#~..........#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................T.....T.....A...........&.....&...>.&...[.&.....&...'.&.................;.....;.....;...).;...1.;...9.;...A.;...I.;...Q.;.......................#.....+.....3.H...;.X...C.c...K.x...................t.8...............................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.Core.Api.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13728
                                                                                                                                                                                                                        Entropy (8bit):6.562981092546034
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:nkWmaSwLY3kZ0OqUUZkJ1SoQIYiYF80ag/5Y7OEtELLLDENfkMIZHIM:n3S+YUaOqUUZkJ1bQIYiOjB5nwNcMIh
                                                                                                                                                                                                                        MD5:1641CD512F6480CD3DCE5E8F810CB07B
                                                                                                                                                                                                                        SHA1:7014BFFBC76FEF41E25AAC05724F6F8D65C8DBB4
                                                                                                                                                                                                                        SHA-256:B93AFB45136C951A55A3584DF455C966C9F1F222D2EB35E931D582BDEE7FEE25
                                                                                                                                                                                                                        SHA-512:999CAAEB9B2F8AF83B958F5E7A464747EFE4D9307B02954DD997672F11A6F64405A47992FB3B800B0114DE0FD2C9FBCD6736C8B2DBBF91ABC512E30D55D2CB76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ic...........!.................+... ...@....... ...............................r....@..................................+..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........'............... ..4...P .......................................<v..Hk1...y....O|.>a.-.cg...pH...`.w>.-..'..%...9j......;.K.../..Y]+q..8.|..E}...[...k.y#ja...(.&..`........p.i...f]T......0..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP6...k...V.....x.o.7....R.hg..z.&.H...W.J...<3...L.......q...................L...#.......u...*...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13216
                                                                                                                                                                                                                        Entropy (8bit):6.53083032087705
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:uEMxXoSp7oHhJMDIYiYF80ag/5Y7OEtELLqtsZIENfkMIZHFo:uEcou7oHhJMDIYiOjB5MSNcMIhq
                                                                                                                                                                                                                        MD5:6EC663FCA17AE14960C96E56187EF155
                                                                                                                                                                                                                        SHA1:C0C1D8A78B9075210671C628F818057E905A4CB5
                                                                                                                                                                                                                        SHA-256:2F03F91FE266D9B0CA9C303A8984C15A064EB3584F29A4103C1DC3BF0DE8BAAE
                                                                                                                                                                                                                        SHA-512:4C1F0924EE9D27EA80B3C52C1212473AD9A34392C69E7E2B1CD75430310C992D9E44B5FB0E4E861923583F48EE6E6CBB379A17A2A81F8CCF0FAC1DE89A7302E5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d...........!.................(... ...@....... ..............................H.....@.................................l(..O....@..P....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......l#............... ......P ......................................}?2X(....-.9...Q.t.:.....X...7'..Z...O.]O.,.d.4.G{...P.)..c..XZ./...vI.&...b...sn..L..a.._>:3..~,..Q...E...:.E.(._...u.v%@...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP]...1..FX.b....V...).......$F.u.t.u.r.e.D.a.t.e.R.e.q.u.i.r.e.d.....(I.n.v.a.l.i.d.C.w.s.A.u.t.h.F.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Citrix.IconConverter.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.794238699263332
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:FhKoPAKuI45/e+6E6cJa4IYiArevYqAAM+o/8E9VF0NyhX:FEoIv55W+6E6cJahYiRvYqAAMxkEP
                                                                                                                                                                                                                        MD5:AFCCF0E44FC8BF913643104D4BA49372
                                                                                                                                                                                                                        SHA1:D7B7BB7B7ED1004F6EF1363DDEBD98F249DC7F7A
                                                                                                                                                                                                                        SHA-256:E387FC0A270F098BE1F644B448FCF1CC1708463D9B81900BC815BFE825D5655B
                                                                                                                                                                                                                        SHA-512:16F4A0396C8AC02A0959771592EFB404258C543B3652F7349889BBC439376EC0389AA43D0AF52D128E3367F425AA808E95D29CAD74EB9025B5E400DD9399401A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z.f...........!.................-... ...@....... ..............................y=....@..................................,..O....@..................H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......@(..|............ ..p...P ......................................K...y]..^....,.,.3T..@......1iF[.....PsL.W1..1I..q%.......@J{`o9j..r..g:!k....D...ho.....Z..)_..$.....M..rf...w.6[Z..C@:..l..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.......AW......?I...G.g..:`...~.8..!d.#A..#..\)7).5.3.S...y`...i.......B...........7...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\ConfigLoggingSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):29256
                                                                                                                                                                                                                        Entropy (8bit):6.2076644611601415
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:wnEymSYsEqQhXE+OviGpyh/UciEYiRvO8AMxkEV5DD:wEymS9EThXEzviG+lJ7N/xZ5DD
                                                                                                                                                                                                                        MD5:5AFA2FF714378E7AFEABBD972D7A7BD4
                                                                                                                                                                                                                        SHA1:2158CA61A9B3984C9BD440FAEC3FE0439A180BE4
                                                                                                                                                                                                                        SHA-256:9D139A095C07AE85CA9B78CF17CE38E65FD10AC474D255E949F606AD4A5881DB
                                                                                                                                                                                                                        SHA-512:1DD19D308BFAC1EDFF492E3DC5C702607BAC688EACDD3DFF4819CFD471856DC609A9A19C46238518EB05AB5EBA64D20658C7E0DB00189D9615E9FA3CC4D52683
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._.f...........!.....@..........._... ...`....... ....................................@.................................._..K....`..H............J..H(........................................................... ............... ..H............text....?... ...@.................. ..`.rsrc...H....`.......B..............@..@.reloc...............H..............@..B................._......H........[............... ..=:..P .........................................ss./V...e......:N.W.h.23...n.....I...FiX..?..\.Vo...bX5...$...MT..v..Z..h)...o.F.[.mnQ......J.Q(n....`...V....`".u9:.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..+.i.]...z.)....#..$#.L3..q.{.i~b.N`..D..........3.o.)...;............z..p[.*1^..3..4:...+...VV.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\FmaCommonEnvTests.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35400
                                                                                                                                                                                                                        Entropy (8bit):5.974998446048799
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:WM6rC1fe+8qyprBEoHKuLCZ1E+cLlJlWKXg1cZwfly3R00xk1wgAwgtV0YiRvhu8:WM6+1fe+8qyprBEoHKuLCZ1E3LrAKXgZ
                                                                                                                                                                                                                        MD5:9FF5E1FA43CBCCB329A2F44C04F44D48
                                                                                                                                                                                                                        SHA1:70147435233B2A4D72915B800EAC1411F957F3ED
                                                                                                                                                                                                                        SHA-256:37B4BDFBCF6C8CBA4CADD15EBF0C2821DC59CC78EB4966D02571F982580185D4
                                                                                                                                                                                                                        SHA-512:E132B8D13F29B07F6A0E64CCE77B1C8C0A7B195AF6B5C74BD3CC7A29A811DE0F362D190DE515AC040EC9E9D30536FED97830768AEBE3610A45D4AA6CA129FF33
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....P..........." ..0..X...........v... ........... ..............................A.....@..................................u..O.......0............b..H(...........u............................................... ............... ..H............text....V... ...X.................. ..`.rsrc...0............Z..............@..@.reloc...............`..............@..B.................u......H.......P ..$...........t%...O...u......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G...........,.....,...>.,...[.,.....,...'.,.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.9...;.9...C.K...K.q.......).L...........>.............................z.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\FmaConfigLoggingClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15944
                                                                                                                                                                                                                        Entropy (8bit):6.784441538082717
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:3M1ooAwYQIYiArev3AM+o/8E9VF0NycUX:BoAwY5YiRv3AMxkENX
                                                                                                                                                                                                                        MD5:88D825EFBDF4A5D8D1299BE1358734F0
                                                                                                                                                                                                                        SHA1:236B74CC4C24A1BDC60BA1EF74AF0D96E054FC77
                                                                                                                                                                                                                        SHA-256:B643CB9E81C156770D6911F390716D607321C638D397BE8E7A3381896A49A4DA
                                                                                                                                                                                                                        SHA-512:1C649650100B48C2960FE0152F717B9198A3A8509ED26943E7BF4B4A37E743B77DFCA51570C37CEDC762DCBE922F04AB12BCF05DC7BF37D64A7DD6CEC184F5FF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ..............................g-....@.................................0*..O....@..T...............H(...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B................d*......H.......P ..4............%.......)......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3.................................................._....._.....L...........1.....1...>.1...[.1.....1...'.1.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.9...;.9...C.K...K.q.......).L...........C...............................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\GpAnalyzer.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16968
                                                                                                                                                                                                                        Entropy (8bit):6.748338564681529
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:U+RwW6FeeaIWV7IYiArevIfHAM+o/8E9VF0NyW/b:RRhIWVEYiRvIPAMxkEi
                                                                                                                                                                                                                        MD5:F99F821EC530F7411D19EF07F2E1E719
                                                                                                                                                                                                                        SHA1:C4A9E838F1C5CDC8824E89ACC199D6860CFF2E58
                                                                                                                                                                                                                        SHA-256:15E2298D2E437FB402B7623C273A453ECB5FE0CD1C20D1D6CA787F93FEF81053
                                                                                                                                                                                                                        SHA-512:0F9314FE49A65F24B0316ABA7438A6E2E45F3271661E8D89C58B95B532F40A9D99AAD08721079F5362C10812811641E5561002F14648C50B730F138CA257DA2E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!................n/... ...@....... ..............................J.....@................................../..W....@..................H(...`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P/......H........*..H............ ......P ......................................'.,V@...>.W1o.pD..j..W...WG...ZZ.......d..e..(En...y.F.C".t......_.Z....U....S........".(].......ge..@.|..G..i~.9..a[UZ...9...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....#.......PADPADP..a..!.*L=.u...V%;..Bb...t.U>E......=.Q.g....s...@Y..r.........3...a...o..B.e...(.b.`...B...D.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\GpDocument.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.886209799713237
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:frfG4Mih8IYiArev3U5TAM+o/8E9VF0Ny+HU:frO4MiPYiRv3gTAMxkEqU
                                                                                                                                                                                                                        MD5:39D52F9FB6C3EF0C0FFF96752A16F00D
                                                                                                                                                                                                                        SHA1:89D0ECBF78CF61BE5BE8F302035D5DC06382B3E5
                                                                                                                                                                                                                        SHA-256:74C5BF20721327C9DCC96AD69EBAD08D7862023FEFA670EE4142E2140C9048E2
                                                                                                                                                                                                                        SHA-512:FF14B323B7A2485E3007B33808FBA298C2DDF3615CCE5B6565E650A1B3517998350164B3C1EC5BB5551DE80184449EFCA6A14FC0D41482183A7AD94EB4416173
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............'... ...@....... ..............................8.....@.................................T'..O....@..................H(...`......8'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ..............X%..`....&......................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................S.....S.....@...........%.....%...>.%...[.%.....%...'.%.................:.....:.....:...).:...1.:...9.:...A.:...I.:...Q.:.......................#.....+.....3.9...;.9...C.K...K.q.......).L...........7.............................s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\GpfxSettings.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):637512
                                                                                                                                                                                                                        Entropy (8bit):5.117848221185667
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:0WWpIlY1/R7EvCBy3GQhwxeQ+rADNMhIhWFWx2A72HoSw0dNZ6fS64a1sa1SKgyc:0SY77HBy3GQhwxeQ++MqMdafLb59/tmD
                                                                                                                                                                                                                        MD5:A04DC1EF31C52AEB38BF163C69334420
                                                                                                                                                                                                                        SHA1:935961E8EDAE9EE27CA2445720F6F10BEA9F7D0E
                                                                                                                                                                                                                        SHA-256:66DE8D3360CE6DD6BAAF32CEAE447EBEA910A9D737FAF9BD4CD71F7DF26C1BDE
                                                                                                                                                                                                                        SHA-512:01C3F82108F4FA012EC463D46250D9A91561E50C6BA64CB2FF18F24CA0EE7F6DFB33CA832616689BE914C3A6A84EF6D0DD95677B5732CDDD2FF75D84861CC3BE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.................... ........... .............................../....@.....................................W.......................H(........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......0...T............ ..`~..P ........................................<4...l.|..R~GA.^..bYUm...`0.........Cc.~,...7Am...w.....V...p[L...)..};..LGkD4}.cF.V.S(..8..J.....hZ....7.e*..s+_6}>.<.k...j...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.x..`.H..n......L....x......j.....1X1..YZ..x.......&-.....x!..a\.....*.$.R.*..hi..^..........S.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Edm.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):69496
                                                                                                                                                                                                                        Entropy (8bit):5.303421107311169
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:hJWN7x9yHu1EUXfq9WmZiMW++xNrZ56qYEsEBO2fL7ta7lt9v/E5:hQ7x9yHu1EUXfq9WmZi3rbtaLa5
                                                                                                                                                                                                                        MD5:97219D60415BFAFFFAFCD2375FFAC1AE
                                                                                                                                                                                                                        SHA1:DC8B6C167A2A223CC77DB2F7D9B94DF80D18D0F1
                                                                                                                                                                                                                        SHA-256:1A5FF5A850F404696AA9FED7F1EF06F53D57291C0E1F348542863D4FD0ABD067
                                                                                                                                                                                                                        SHA-512:58190D0D536E636AB9DAEEC573914AAB66D4A8AE8C3045ECB72540313A0BDD903E4C59F4E31E0D7F2245A80E5C53183CA593B9B937A7DCFAFB1ED50A9F4513BB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G8`...........!..................... ... ....@.. .......................`............@.....................................K.... ..@...............x#...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H.......................P ......E......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..X.b.Y.Cym.n....;............s....^............Q.......3..F......Eq....3.. =.><N.@nT...%..=......z......i.F..A.|xZ...[.?>..n0..]>W..;..Y..MF.t.....h.u.i.lK=.E......J.......7..|...@.."L.c....H.....b...[G/.....I..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.OData.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):293752
                                                                                                                                                                                                                        Entropy (8bit):5.056957717494792
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Hdp1eJ41Hm9ng2vrOLnVIo3zGJYhICFO/6Tmp:HZHmZr1JTUDk
                                                                                                                                                                                                                        MD5:156647F7EA08297953887EBD70FA876A
                                                                                                                                                                                                                        SHA1:E1A4910260C1F4A8E194F500EB6BA699CACD7E9A
                                                                                                                                                                                                                        SHA-256:4B80839B37FA11CAE3762741F25B95D5BF4959122E212B8DB8838A231AE7E8B8
                                                                                                                                                                                                                        SHA-512:30E565CCE2505575221872951D183F7FA99974DCFD99322734357B6CC686DD04437466077E765F089C4ED912F20EAF108BCB733C80D2F299A053459AD53880B6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h@9`...........!.....N...........m... ........@.. ....................................@..................................m..K.......P............X..x#........................................................... ............... ..H............text....M... ...N.................. ..`.rsrc...P............P..............@..@.reloc...............V..............@..B.................m......H........k..............P ...J...k.......................................J.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....!,..........R....!`......u.!...nI..iEs..K.".o.#....4.....8...Q.'....._~....&.Y.e.+.s..|{.........:"..O.(.5...E.am..C.M...Ve......"..8]..l....m.......|...........|..S.(..yx.*.......r]..{......_Ul......^..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.Services.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66936
                                                                                                                                                                                                                        Entropy (8bit):5.444583235386708
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:hAQ5/H5RIYlsk3jzSY2qunmPQ9CGRr7PJcDYzHlvC:T/H5h3SY2qurfr7PJcg0
                                                                                                                                                                                                                        MD5:6155E360F5A236D822CE59421F60672E
                                                                                                                                                                                                                        SHA1:A55ECFE0528BE630BBE7C40818E48A01125835B2
                                                                                                                                                                                                                        SHA-256:F0113D090F2CC5B269AD357E2F018EF49B5D9991566A15BC60B03C375C315BC9
                                                                                                                                                                                                                        SHA-512:C1BFE1E18C8B725FDC636B554A51D98F39D6991330F1B29B967E562A3528808474A5C754A645F2513A4B2DF20950FE07C9277369F134AF6ED8E0723C177D0C30
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...XA9`...........!..................... ........@.. .......................@......<P....@.....................................S.......................x#... ....................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......................P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..j....?r..%.....A..K.....z..0Y...../...rB.+|.7i.......P.p.J.z|...........=..r...n...D......1BE..~......s..2E......H..@+.~.p.//...)...qu.....Fa..;..2u...!.....x+j.........#..:P.\AX...........T.W.......jh...\..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):265248
                                                                                                                                                                                                                        Entropy (8bit):5.283073295911947
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:QWeuRy3RLW3JvPuFgugpaGezaBtCuNunYBt3UgI9vCNmYo1ms0s85PTPt+w3cU4T:NeFsvPuFgugpaGezaBtCuNunYBt3UgIV
                                                                                                                                                                                                                        MD5:E88CEF92B36636A0895F744AD9F6A993
                                                                                                                                                                                                                        SHA1:8E53350529A31D59F32658A721820D475420E4FF
                                                                                                                                                                                                                        SHA-256:1F445EC5D76401F641B30D66CD7B3350B8527E10038C3B10546EBFC705BAA8DD
                                                                                                                                                                                                                        SHA-512:B71DDCBFD45336A91831959022F477D0EDEA39AD4478FB7F8F9B602EAB4A45350AAD8733A8E2EC147752831F561B971AD4A03332B83A3E48C29A63CC3497874A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:..e...........!..................... ........... .......................@......$4....@.....................................O....................... (... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......D...x............ ..t...P .......................................r.yv..`..3.>q....j...Yu..../x..T.).syDc@..^h.{..Y0....`O.1.X.;3.f...V*|.r.Y.Q).&...Ix..q...;.. ..)}._9..,...h..='....&W[.{.p..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):65968
                                                                                                                                                                                                                        Entropy (8bit):5.7273341447539226
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:TvHDPIUZozjL6TWe6Vk955YPjgll2x3aWHrTe1MFQcELiVKMEIGTPwy69AgibkL1:zDPIUZozMAVVank3hr
                                                                                                                                                                                                                        MD5:38A3F5CD2CAB78A8B4CFDFCB0B083D26
                                                                                                                                                                                                                        SHA1:DCF161D9E76234BE7722F22C97480B019D1E570C
                                                                                                                                                                                                                        SHA-256:4DE0C7997C08322085E97E14C123D803848B8F4B77F06E7F5CC7ACF9B3356BEB
                                                                                                                                                                                                                        SHA-512:379A057316247CBA6249466208964F03D6E63E1B60E74F5D00B1755D69BDD93DD85EA887E7BD67462E92D579E25D6B197996763B3FC8AFF9B5855F68EF8EEC09
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t.od...........!................n.... ........@.. .......................@............@.....................................O........................'... ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................P.......H...........<...........P ......^......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17784
                                                                                                                                                                                                                        Entropy (8bit):6.44731612565344
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:DMi1Y8x6iY0J0GDt+LXgkOWhvMW/daabbU9OOP5AR9zhjF:D/NDt+LXgITzoOOPO9zT
                                                                                                                                                                                                                        MD5:733DB73F79712B9A6217CF44AFBFB24D
                                                                                                                                                                                                                        SHA1:44746A627B9223E97468A07F4F3974B4BB5641D7
                                                                                                                                                                                                                        SHA-256:FC99C022DE90252B8D79EB719C3458A63D5F3E28A61DDE70AB149ADB74AF3C2A
                                                                                                                                                                                                                        SHA-512:9418421D0425C6977152F586B8936B33FD461F58CB71B9A9B17B5A6BF8D552AC7FA18E445332DCFC29043B320C7230E1D28AA0EF91A5F5CFB12D2D379FE76B7D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..d...........!.................3... ...@....@.. ....................................@..................................2..K....@............... ..x%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H........0..,...........P .......0.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14728
                                                                                                                                                                                                                        Entropy (8bit):6.581138003297856
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:2EcUhWrIcaFxeW4YQWNWGxVA6VWQ4CWhdVXyGI+X01k9z3AbQz0:zc+vcaveW4YQWJxdIdJNrR9z+Qz0
                                                                                                                                                                                                                        MD5:B38D7F0A1FD6D91D6420190602E5FE88
                                                                                                                                                                                                                        SHA1:81402EC1D8F98B365B91ACD593A6507C02E5D5B8
                                                                                                                                                                                                                        SHA-256:6C346B33A5A37849A7B584F0E5173D3CA3F0FC391C3EA6F991EE53A13317E151
                                                                                                                                                                                                                        SHA-512:2979C95EEA86324B8D3F52E91523F2EB573DD8D3D0086CB696029CA6CEDA685A07DFF6637CD7EBC23CC7C027B93DF0AD169AB77A5EFBBFB0A9E86DBC1B192ED9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................'... ...@....@.. ...............................S....@..................................'..S....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H........%..............P .......%.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.,...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.S... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\fr\System.Spatial.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20344
                                                                                                                                                                                                                        Entropy (8bit):6.20709238658543
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:1X4ET+IdT/QwghxKxXZNrNjLWSRmWnD/HRN7WKO3LlkQdSq:R4oghAdr7/Dv1E
                                                                                                                                                                                                                        MD5:DF14F89A6C0C3C0E71ED694B2CCD5748
                                                                                                                                                                                                                        SHA1:B224720F6EF0BA65A1EAFD9EDDABE9FF13FB59F7
                                                                                                                                                                                                                        SHA-256:E75978547303C2A10580A77215772FA7DD79A79636D9895BF2DB3BB9ADC630F2
                                                                                                                                                                                                                        SHA-512:6074DB314CD8BB9BBA8AE3805A079B91B8739BAFC679AAE9911B2A0D9C4AF2A32033AA7EC3527D4F7446DF0DCD9706B49BF6B4A84BF97C81E0221E10AA48EB9F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!....."...........@... ...`....@.. ...............................+....@..................................?..S....`.. ............,..x#........................................................... ............... ..H............text...$ ... ...".................. ..`.rsrc... ....`.......$..............@..@.reloc...............*..............@..B.................@......H........=..............P ......Z=.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADP4....~.U.$.g....>...j.......N..!...F+.-.`..}......v.".|.J8.........Rg.......5..1...-.J........L....-?..e.!Z.>&.:^(GdN)..2/.i.A.hsL..zL...V...Z.!I_..za..km.n.t5..v...|....................................6...w.......C.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x64.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):12684056
                                                                                                                                                                                                                        Entropy (8bit):5.750572800376826
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:T90rvru1gfhuxb58gzjuq8/bx72QJg/+gqms:T9Mvru1+hux/uPTcQK/Zjs
                                                                                                                                                                                                                        MD5:865C7D285D665FE4D9FB672B111DD54D
                                                                                                                                                                                                                        SHA1:C3E83E7A8402F0DE75A49D5DCC71DD131E9B2CAB
                                                                                                                                                                                                                        SHA-256:4151229B6E31DAE91D459BE70655417DD18E6B0869C9A72FEF08A5BB28D980B8
                                                                                                                                                                                                                        SHA-512:9BE1CA48ABFBCFB0964B25613E62EF75A5603876E84DD317D5946A96E1FFC64E219366B4635582D4C455212580E6B94A5DE54E5FFF6523792ABFA2BCF0E18A1E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6es.r...r...r....`..o....`..|....`.........v...IZ..x...IZ......IZ..Z...r...c....`..y...r........Z.......Z.......Z..s....Z..s....Z..s...Richr...........PE..d...~|.c.........." .........`8..............................................`............`.............................................#...x...x....0..Y....@..x....b...)...@.......n..8.......................(...0o..................x............................text............................... ..`.rdata...,.......,.................@..@.data........@...Z...&..............@....pdata...q...@...r..................@..@.idata..K$.......&.................@..@.tls....s...........................@....gfids..4...........................@..@.00cfg....... .......:..............@..@.rsrc...Y....0.......<..............@..@.reloc..V....@... ...B..............@..B........................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\grpc_csharp_ext.x86.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9986840
                                                                                                                                                                                                                        Entropy (8bit):5.798952004538316
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:ht0TyUQmSCXRLO0KmlsunPzBVhgH01n/QoDD:hwQmSCB3Kmlsq1
                                                                                                                                                                                                                        MD5:5375B505F0463930EE8EA2254B477DEB
                                                                                                                                                                                                                        SHA1:B114BC70840FCFD7BB60ECACFFA1944F23A459FF
                                                                                                                                                                                                                        SHA-256:F6A6B19A8EA19E51CD4FB8E120A8B3DF609429193653618E56D24C5D9704E56C
                                                                                                                                                                                                                        SHA-512:2CE74BB9CAFB182E0052CEFBC5B40C0CEBC6DF31DF80DF59CD1BE9AFFAB53E274D75133327903FE3D8828F09225B20D48E3E2FC58BB58A4D17F542C5D6E7F7D4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......|C..8"..8"..8"..WF..."..WF..."..WF..'".....;"...|..$"...|..O"...|..."..8"..4"..WF..3"..8"..."..|...#..|..#..|..9"..|..9"..|..9"..Rich8"..........................PE..L...p|.c...........!......z.........T+........z..........................................@.........................0........d..x.......Y............:...).............8..........................H...@............`...............................text.....z.......z................. ..`.rdata...H....z..J....z.............@..@.data....3... ......................@....idata..K....`.....................@..@.tls....$...........................@....gfids..............................@..@.00cfg............... ..............@..@.rsrc...Y............"..............@..@.reloc..............(..............@..B................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\i386\libccauth.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):137368
                                                                                                                                                                                                                        Entropy (8bit):6.749362813995155
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:yeVm/zn0nAyn6OTYB43vB6WGx5sHy/PZ0b:TVmjaAU6+M4fB6b0H4PZ0
                                                                                                                                                                                                                        MD5:49F72E7B266D3D813CFF2FD1540942D3
                                                                                                                                                                                                                        SHA1:6B3CB7B4F6ACD9006593B6C89D77AE2A73C0562B
                                                                                                                                                                                                                        SHA-256:AB812B0A74AB04DD4FE6B8091513FD68DF41187AA933F2F044C63CC974C854F4
                                                                                                                                                                                                                        SHA-512:4549BE6AAF7AA9BC24D156E66C65B7722005922F89CF5EFB5220973C675DEB71CD3EDB53DBCD8A8365A973D92B08B950DCA74AF1F7E84E9E18539171A69FD144
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s....}...}...}..j....}.dL|...}.dL~...}.dLx...}.dLy...}..y|...}...|...}.~Lu...}.~L}...}.~L....}.~L....}.Rich..}.........PE..L.....e...........!.....|...........~.......................................`......CE....@.........................`................0...................(...@......0...p...............................@............................................text...:{.......|.................. ..`.rdata...W.......X..................@..@.data...x+..........................@....gfids....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\iobfuncdll.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24208
                                                                                                                                                                                                                        Entropy (8bit):6.402976661485809
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:gJ0CEDw+4mkHvHoVep3iThIYiibZ87gFAM+o/8E9VF0NywvT4s:gl+4mmoVep3iT2Yi687gFAMxkEy4s
                                                                                                                                                                                                                        MD5:2F5EDD98CDA607DF65DD66BD4966DF1D
                                                                                                                                                                                                                        SHA1:CF093B0B9CBC56BEA355157F004FC914DBEBBED2
                                                                                                                                                                                                                        SHA-256:3CE51D685DBBEA4780614F2E290B90F5F7BFD43400B785CC9D79F856415DEB20
                                                                                                                                                                                                                        SHA-512:F28BFED564E9AE574BA2FE8BA4C3B58B42A47DC286703204DBC06BA6D32F80F4A5EE4DA31B3305568A8875DC470BA9F87367DC34E89D7EDE942216E99C3838CC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............}..}..}.....}...|..}.IR...}..|..}...x..}...y..}...~..}.?.t..}.?.}..}.?...}.....}.?....}.Rich..}.........PE..d...uV.e.........." ........."......................................................A.....`.........................................p8..d....8..x....`..X....P..(....6...(...p.......1..p........................... 2...............0..0............................text...C........................... ..`.rdata.......0......................@..@.data...P....@.......(..............@....pdata..(....P.......*..............@..@.rsrc...X....`......................@..@.reloc.......p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Edm.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):67960
                                                                                                                                                                                                                        Entropy (8bit):5.2721468699231275
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:lcWLvDKfgrfuX7YgjGWfvEC2upGEGd6aM1R8L66vA7:l5vDKfgrfuX7YgjGWfji3Un
                                                                                                                                                                                                                        MD5:1943AB19F984C3A26E2C813AD4D5A436
                                                                                                                                                                                                                        SHA1:7E26E987A1037EAA17527E3CFABC2C320880998F
                                                                                                                                                                                                                        SHA-256:3BF417756A0D5805D93342F1197DF52AE5801723C434DC52A07A6B96350000F0
                                                                                                                                                                                                                        SHA-512:C9E6812BE4A142531173318D085968CBEAB04AB0A3DD16521447C86ED0DB98769A1D38468B89F0F310BF056683FAE23C7FB27756BE3EBA1B1C67B79385532B55
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G8`...........!..................... ........@.. .......................@......hM....@.....................................K.......P...............x#... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc....... ......................@..B........................H.......................P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..X.b.Y.Cym.n....;............s....^............Q.......3..F......Eq....3.. =.><N.@nT...%..=......z......i.F..A.|xZ...[.?>..n0..]>W..;..Y..MF.t.....h.u.i.lK=.E......J.......7..|...@.."L.c....H.....b...[G/.....I..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.OData.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):278392
                                                                                                                                                                                                                        Entropy (8bit):4.942002886972887
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:90OU8TC2aPVQ8XC5uk94nESKoCJvPf8ziiCbT7O3poWyMb5v7xJQaQER:ggiCbT7O3poWH5v7xmaQC
                                                                                                                                                                                                                        MD5:79FF6A26CE273CB148EA89DF918BDBB0
                                                                                                                                                                                                                        SHA1:6CB37C8449597CA21207831D83FC8B82A8175B86
                                                                                                                                                                                                                        SHA-256:E3702900BAA4B1F29EBDBF9C9E7E0D13F5587F890E686CD944808C179AAB5FEA
                                                                                                                                                                                                                        SHA-512:4AF18681C7067EB98E47B637772D2DC2F9569D99A50A7ED90EFEED23CF4CAF32336726756304EC3CBBD3F1FCE2138EEF5AA364262B534E6C77D17E2A8DB318AC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k@9`...........!................n1... ...@....@.. ....................................@..................................1..S....@..`...............x#...`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................P1......H......../..............P ..H...........................................D..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....!,..........R....!`......u.!...nI..iEs..K.".o.#....4.....8...Q.'....._~....&.Y.e.+.s..|{.........:"..O.(.5...E.am..C.M...Ve......"..8]..l....m.......|...........|..S.(..yx.*.......r]..{......_Ul......^..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.Services.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):65400
                                                                                                                                                                                                                        Entropy (8bit):5.392889008554733
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:AqF2lluCmlhtPqctP1sp/MrEBrjQhLasg39UQL1DvxAV:NEuCq3P1spaaj8g3lLlvxAV
                                                                                                                                                                                                                        MD5:7B6D67242DDE36E17798425F2C244A43
                                                                                                                                                                                                                        SHA1:43F7421B810A3593E1227BF06EE0FE62DB1FF6B9
                                                                                                                                                                                                                        SHA-256:4D33ED76F7C5AE86EC71C060FB8FCDB28D841F0F01A7B10605ADBED45E096233
                                                                                                                                                                                                                        SHA-512:6786C6D07BC64B0184BEF8A44B2DC37B24EFB82FCDDC0D128D66AB7476B32A282401E837069E8E73076F8B6A5EF635028C15B2EC6FBD74BB7CD308A9B2BF7FB7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[A9`...........!................N.... ........@.. .......................@............@.....................................S.......................x#... ....................................................... ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H.......................P ......_......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..j....?r..%.....A..K.....z..0Y...../...rB.+|.7i.......P.p.J.z|...........=..r...n...D......1BE..~......s..2E......H..@+.~.p.//...)...qu.....Fa..;..2u...!.....x+j.........#..:P.\AX...........T.W.......jh...\..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):257552
                                                                                                                                                                                                                        Entropy (8bit):5.203564926532381
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:dWeuRD4wsIG0WjOag7gUg6qnVu3gJu3v2m368g1ypCY7fsVrCcajV+xWqkqberpx:seI47Oag7gUg6qnVu3gJu3v2m368g1yv
                                                                                                                                                                                                                        MD5:F8C1D756CBF4DE20F209070D2993EB76
                                                                                                                                                                                                                        SHA1:A5D271D2F106FE378DB614E77AA05E67AA38AA9C
                                                                                                                                                                                                                        SHA-256:C1AD5A04EBE3FAEC3F1860EF6EFEE1530789C07D3A11402A1C19CB679A05023D
                                                                                                                                                                                                                        SHA-512:B9B95B9EDD1A970BA38B4EEEDE38C493715B4DDE01743754C6D98BB470A0564B0CF1945CD5ED29C724922F28BB68F9B4921EE3E40AF20B13A8E2918F442B3CAC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:..e...........!..................... ........... ....................... ...........@.....................................K........................(........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......X...x............ ......P ......................................j........p..v...%...=.5..j..~'6y...r..~.m..-.}.p....1...{....<..g..-..f..g(...b.x..lt.I..vq.G,T..0R.HU.....S.dK.>.(...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):63416
                                                                                                                                                                                                                        Entropy (8bit):5.63844961498807
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Z2e+PyRa52NKyTMt5O0ekdleboW44mQa76ky1UlF7zWKd6jTDGQbAMsLCHji9zs:AaaKO/4mQai6dWKMXDGgsLU+zs
                                                                                                                                                                                                                        MD5:A81C47F4D324197B171B18E85DCB81F9
                                                                                                                                                                                                                        SHA1:6E804E69B919DC7FAD540A23389C4CE8A96FE419
                                                                                                                                                                                                                        SHA-256:57B9E914A5BBB643A9C03ADB8D19003238296A98C4F277A1BDE9524F050556AE
                                                                                                                                                                                                                        SHA-512:25DD9421F370CB3FF67E346A845EFC3F868589DDB6D4965A80EBCBA22FDB19C2B1864E60500D393B71D4093181ACBEC54582E4CB9672EFD58F77DD0B911D4201
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t.od...........!................>.... ........@.. .......................@............@.....................................O........................'... ....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................ .......H...........<...........P ......-......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17832
                                                                                                                                                                                                                        Entropy (8bit):6.404093034737176
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:bvi1w5rFA8tH9zaqM04hmuVWhYMW2aabG+R00R9zou5:E2A8tH5aqM0wmEIzJ049zoY
                                                                                                                                                                                                                        MD5:20B4ABF2A03D144968895A7B9FC13176
                                                                                                                                                                                                                        SHA1:F602C19F17C46049DAE595A44FC82A9219819AF1
                                                                                                                                                                                                                        SHA-256:2AB0DBAADD6B3E4D35F58E640B9E9BAAC1D22432E397772E02C092FD8D0FAB2D
                                                                                                                                                                                                                        SHA-512:041D1CE0700452D3232817677DD106B527B7A2FA4F7F0BA512E37D00A793A490671F77C0756E23B0627B9E14E37E8FC4481507B787C5FD67EC9CAF04D96EC2FC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................2... ...@....@.. ...................................@.................................p2..K....@............... ...%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......D0..,...........P ..q..../......................................m..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14776
                                                                                                                                                                                                                        Entropy (8bit):6.585031574776941
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:kcwzFFky3xQaW0a8W1WGxVA6VWQ4eWLZ+Zmp8TKjX01k9z3AbFJYOKzo:kcgyyhQaW0a8WhxdOZ+sWAR9zgFJYO
                                                                                                                                                                                                                        MD5:C754959D01346DC3792242455FBF72D5
                                                                                                                                                                                                                        SHA1:600B8E91F1D227C9E66928472925BA67799962FD
                                                                                                                                                                                                                        SHA-256:348C9A83D8B73643D166BB8C9181DF31F75E5D09459D4A63D0816F1245B3C0CB
                                                                                                                                                                                                                        SHA-512:8BFDEB590637F10FDC57B303CB37B9D021A5AB34F440B49B1B8F7CC8B6C57C39484BB943DDAE4ABA0A34D50D9BCEA299216AE61C45F17CD1B4C64787791A0BE2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................(... ...@....@.. ..............................V/....@..................................'..W....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H........%..............P .......%.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.*...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.P... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\it\System.Spatial.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19856
                                                                                                                                                                                                                        Entropy (8bit):6.22772137669794
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:lXZa0wETCrAnAusLpJDZrWSVmWTD/HRN7VNlI2Z:hZPnTsLpJvLDvD
                                                                                                                                                                                                                        MD5:4314BE437DEC8C253DF9C79B69703F8D
                                                                                                                                                                                                                        SHA1:8653CB60B98EFD29BE573E4821525EADEB0C51B0
                                                                                                                                                                                                                        SHA-256:B44374F8D2E585A033C7BECEC4051D02F2D4BE432F2E41518DD50FFADB5D9C9A
                                                                                                                                                                                                                        SHA-512:92B356F066C8D25C9FE4CC42BFCB34957E793AED816D12166F6130CD569F01EB4B33667FC930194CF73C23262294C87C3C214456B950C3C9825A73CEC80596E7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!..... ...........?... ...@....@.. ....................................@..................................>..K....@..0............*...#...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc...0....@......."..............@..@.reloc.......`.......(..............@..B.................>......H........<..............P ......T<.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADP4....~.U.$.g....>...j.......N..!...F+.-.`..}......v.".|.J8.........Rg.......5..1...-.J........L....-?..e.!Z.>&.:^(GdN)..2/.i.A.hsL..zL...V...Z.!I_..za..km.n.t5..v...|....................................6...w.......C.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\BrokerServiceSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.935755125455341
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:4w/ElRUcN1IYiArevTdAM+o/8E9VF0Ny1YWM:t/eRUcNCYiRvTdAMxkEgn
                                                                                                                                                                                                                        MD5:0C4F8F8519882EE08EA33BCB3C627E54
                                                                                                                                                                                                                        SHA1:7BB5D3BEBF4B586D33589A14FFDA0B2FD4AF0198
                                                                                                                                                                                                                        SHA-256:A1E0B90EE8993DC2CF7A780D0FAF4F31298F168C44207BA376B4490FF8FDAFFB
                                                                                                                                                                                                                        SHA-512:8728F8D96231B587CD632A21658F31A4208A6A973D07A3CCB0EDDB3DB34E8173FB7B55C5316BCA8D9F5987E9E4E4979C5E913157E5E8AB31758A9B91221866E8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.................'... ...@....... ..............................8.....@..................................'..K....@..H...............H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B.................'......H........#............... ..>...P ......................................RH]..H.....{{..f..l....mz.../.....2N..P..8......a..#.:..-f.S.L9..'.w.c..|..^....6*..k...f.....oBx.....z..@....R.4.$...".<:..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.4S".4.XC.......T...>L.i.c.e.n.s.i.n.g.E.n.v.i.r.o.n.m.e.n.t.U.n.s.u.p.p.o.r.t.e.d.....HL.i.c.e.n.s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Citrix.Base.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11760
                                                                                                                                                                                                                        Entropy (8bit):6.5685782812321865
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:m8rhN5lvUkZbJpdDWpHJH476IUzuENfkMIZH5T:BLvUkZbJpdDGRtXNcMIh5T
                                                                                                                                                                                                                        MD5:A586197F9708F0544D72BFE115E31E00
                                                                                                                                                                                                                        SHA1:FF9B152EEB7057C81D6895C15E607B4608009848
                                                                                                                                                                                                                        SHA-256:3A6DAD4B258AD199891EF875D83EFB8607B6A6C18887D3E08B3BDEEC0E339EC1
                                                                                                                                                                                                                        SHA-512:7C5EB2FA2E0F34E0C1D8E52857DEC55841052E3280AF101611A700B4B2B1CB949155F8A3A677A3469AD1E9726085F08B8E478B880EA8A2FF70239A50DCF321B8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}*..........." ..0..............)... ...@....... ....................................@.................................\)..O....@.......................`......@)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ..............P%..p....(......................................BSJB............v4.0.30319......l...0...#~..........#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................T.....T.....A...........).....)...A.)...^.).....)...*.).................;.....;.....;...).;...1.;...9.;...A.;...I.;...Q.;.......................#.....+.....3.H...;.X...C.c...K.x...................................................t.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.Core.Api.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14240
                                                                                                                                                                                                                        Entropy (8bit):6.5180704575125
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:7I0qCmqUUZkJ1VIYiOjB5mM3cNcMIhfc:WqUUZkJ1iYiOds2MIhk
                                                                                                                                                                                                                        MD5:137E10627906879047737DB73A51FF97
                                                                                                                                                                                                                        SHA1:1E597B6915D33181C0E80CAAD39BF939357C14BB
                                                                                                                                                                                                                        SHA-256:6D4EDA7A1F299C8C43FC13BC7FE003D381E3A6A697AE375881F929BEE9A2E89F
                                                                                                                                                                                                                        SHA-512:75581FF8BB41BCEB9CB740E0D5EFC2B55EFF5E55092DDE6BB225176D9455A457BDABFE6653340632EA10CA39D507974B01961B9367563A3763697E821900C1CA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ic...........!.................,... ...@....... ....................................@..................................+..W....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......<'............... ..i...P .............................................-..Fw2.,.d-g...}...!H+0*fH......W....x.0.{......MJdS*{..2.p..f(M.....F.KD....q.}.<z7.x..."R...m..x.k./J...t*..W%e..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP6...k...V.....x.o.7....R.hg..z.&.H...W.J...<3...L.......q...................L...#.......u...*...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Citrix.CloudServices.ServiceRuntime.ApiClient.Core.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13216
                                                                                                                                                                                                                        Entropy (8bit):6.578699670301212
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:9ElXLSpzoHhJMxIYiYF80ag/5Y7OEtELLu9IlziENfkMIZH5q:9ElLuzoHhJMxIYiOjB5y9IlHNcMIh5
                                                                                                                                                                                                                        MD5:B1A09DA17F284586BF77F55F19C77628
                                                                                                                                                                                                                        SHA1:F7DB754ED29C7C07D2C4EDA6BBCA6CEBAE97C1B7
                                                                                                                                                                                                                        SHA-256:F39E881744DACD718BFF60A392D9978C1C76B04BD1371D6948E65EF39B3BDE9A
                                                                                                                                                                                                                        SHA-512:D43CCF4CBEC86F4A5710F2A00EE8BF6A2A46BCE4DE3FD93BB52971703D85980E60C60A13E08D784517C9DCEBD31D6B3FAA0A14133CD650572522B2B40ABD451D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d...........!.................(... ...@....... ....................................@..................................(..W....@..P....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H........#............... ......P ......................................p....."..S..5.g.. ..?2.8..%[../.....&...M.I.....cr.96.4#...aQ.CI.y 6......j...T.5.ITye....[.J.>.........pJd....>..x.<.....6................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP]...1..FX.b....V...).......$F.u.t.u.r.e.D.a.t.e.R.e.q.u.i.r.e.d.....(I.n.v.a.l.i.d.C.w.s.A.u.t.h.F.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Citrix.IconConverter.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16456
                                                                                                                                                                                                                        Entropy (8bit):6.90615907257756
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:DrO8jYyU4M/F+6E6cJaFIYiArev2AM+o/8E9VF0NyW2e:Dq8jYyNMd+6E6cJayYiRv2AMxkE6
                                                                                                                                                                                                                        MD5:B7D0E25A1A5C59F1EE7B42C2C7AC069D
                                                                                                                                                                                                                        SHA1:44126004F2AA61459053A04228F6D6F6D7965800
                                                                                                                                                                                                                        SHA-256:4E80704899D43FAD48745536CE4B3302C2C095175F85BFB40063226DD5CDDB6D
                                                                                                                                                                                                                        SHA-512:69F871AD9EE137C2601E2ACD1D4FA41FB442C8C6C0DA4E2B3E0587D2855D99899D3D5CA5B6CE38CA493DC521DECCBB6965C931EC40EA273098CC9E56BE71A67F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z.f...........!.................-... ...@....... ..............................,.....@.................................h-..S....@..................H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H........(..|............ ......P .......................................|z...e..,.@]i.....V5./"..e..4...&..,p.Z.p.K...D4....f.....T..o..3.q..o~X....)j.v;'...h.L.Y.Yf.{(............hwu...E.F..or"...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.......AW......?I...G.g..:`...~.8..!d.#A..#..\)7).5.3.S...y`...i.......B...........7...........

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\ConfigLoggingSupport.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):30280
                                                                                                                                                                                                                        Entropy (8bit):6.368959691758262
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:FnEyjGqBKlBvbFG9hSUci4YiRvVAMxkEl:FEyjGqBKlBvbyG17NtxZ
                                                                                                                                                                                                                        MD5:4C849E3D5A7972EACF979A414552FED8
                                                                                                                                                                                                                        SHA1:797BA0B686168AC3CDBAB470D82C75B18965B3E4
                                                                                                                                                                                                                        SHA-256:90DF4988244AF73F5AB8B32CD4081B06B05948945CD57CAB96E143773EADCD18
                                                                                                                                                                                                                        SHA-512:777C4FAE5DE3C94F3A89AD019AD3C5A1A8EAF003142805B83C920E84A052053362FF9AF4D191D5857A6DFEA5EA5553AB710B0D9402FA09690E22D8E65FA5DFB3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._.f...........!.....D...........b... ........... ....................................@..................................a..S.......H............N..H(........................................................... ............... ..H............text...4B... ...D.................. ..`.rsrc...H............F..............@..@.reloc...............L..............@..B.................b......H.......X]............... ...<..P ......................................0.\._.F.z.....]o.$.....8"`~c.....hL.....b...I1+]..L#.....'...E....Y.1f.K.$....:G.8...4.....A...t...*..c.E0.D.......a.e..w.<.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..+.i.]...z.)....#..$#.L3..q.{.i~b.N`..D..........3.o.)...;............z..p[.*1^..3..4:...+...VV.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\FmaCommonEnvTests.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36424
                                                                                                                                                                                                                        Entropy (8bit):6.311745617135321
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:EJdvitxhuE5vHdRtvgBgtVVYiRvIHAMxkEwy:EJdMfLrt4iD7NInxcy
                                                                                                                                                                                                                        MD5:4A95C6687085A600DE6B7418CBE5EE27
                                                                                                                                                                                                                        SHA1:71DFE82FE17312CE6687B87262549FFD7981F626
                                                                                                                                                                                                                        SHA-256:A32186D8A0AE8F04C9CD65975FF183702BD39C4DBF720A4CE5BB505B01940400
                                                                                                                                                                                                                        SHA-512:7C4B80636275534272239A0C314423E38F56D84A47070F38D7FD16F12538BE242F515A0D5030F8EACD1C5342CB92899D5071BC0EA5340B8CDB4AC1CE8313A66B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..\...........z... ........... ..............................9.....@..................................z..O.......0............f..H(...........z............................................... ............... ..H............text....[... ...\.................. ..`.rsrc...0............^..............@..@.reloc...............d..............@..B.................z......H.......P ..$...........t%...T...z......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................Z.....Z.....G.........../...../...A./...^./...../...*./.................A.....A.....A...).A...1.A...9.A...A.A...I.A...Q.A.......................#.....+.....3.9...;.9...C.K...K.q.......).L.........................................z.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\FmaConfigLoggingClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15944
                                                                                                                                                                                                                        Entropy (8bit):6.827200612248168
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:sIptXlKWoAwpIYiYF8tgreRZc0xA5K+o/y2sE9jBF0Nyca6kPT:xt1toAwpIYiArevdAM+o/8E9VF0NyXfT
                                                                                                                                                                                                                        MD5:18B3F4E01A98BD0CD299A09FB47B9BB2
                                                                                                                                                                                                                        SHA1:ABC64C2116E704F902777170D2A82F479D1075AA
                                                                                                                                                                                                                        SHA-256:2FCC10F98FF0EF99BC52EFCDA6EBACA7DE72471ECA35AB9820B4CDF48F44C4FD
                                                                                                                                                                                                                        SHA-512:88C8B1FA262CA0269C74FCF63E7765A79C5A57891B8E8B48AB1A644397026D609AE543AD679A7DF7FDF8E9C49707CB2B77097977413FF109D1C6FF0965B9D278
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....6..........." ..0..............*... ...@....... ..............................v.....@.................................`*..O....@..T...............H(...`......D*............................................... ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................*......H.......P ..4............%..@....)......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3.................................................._....._.....L...........4.....4...A.4...^.4.....4...*.4.................F.....F.....F...).F...1.F...9.F...A.F...I.F...Q.F.......................#.....+.....3.9...;.9...C.K...K.q.......).L...........................................

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\GpAnalyzer.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.738323251837507
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:bC3ddueIWVpIYiAreva5AM+o/8E9VF0NyiMmUv:YddBIWV+YiRva5AMxkEAK
                                                                                                                                                                                                                        MD5:1EBE0597863E3E589B6CE469AA6F777B
                                                                                                                                                                                                                        SHA1:6BA74558DD1B4206234A0B0D2AE2B082DBA389B9
                                                                                                                                                                                                                        SHA-256:390E7E49068DBA9C50764C064FFA88931607506A2067FED352EA15B091C34525
                                                                                                                                                                                                                        SHA-512:385F106617E8C9001B81C269F403B9123586DE53B1F0BE2C6861089225FBFB8E984F1978D1ED21F5C0FBA817C271F812DC11F55994BF9D9C04A9DB7D9A0C090F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!................>0... ...@....... ...............................s....@................................../..S....@..................H(...`....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................ 0......H........+..H............ ......P ........................................j...._.rwA...p..*...A...]..,..$n..jG...;.E....4.B.>......Z.s`s........_n..).......M}.....3....!/._G.7.,.O...}Ak9.A..G}N................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....".......PADPADP..a..!.*L=.u...V%;..Bb...t.U>E......=.Q.g....s...@Y..r.....3...a...o..B.e...(.b.`...B...D....%

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\GpDocument.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14920
                                                                                                                                                                                                                        Entropy (8bit):6.885829232510163
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:KW14MixcIYiArevCAM+o/8E9VF0NymeBY:Ks4Mi7YiRvCAMxkE7BY
                                                                                                                                                                                                                        MD5:16D1D43FBE572AD00E01F1FACEA0BA35
                                                                                                                                                                                                                        SHA1:C245CC9FC6C7D56960DE4DDD617E7923E8165528
                                                                                                                                                                                                                        SHA-256:6D1496129AEE15E02BBCA49D4CC569F8CAF11E5D1BFB3DBAC5373AB8AFA374B5
                                                                                                                                                                                                                        SHA-512:06C15A6FA8276E5FE2AC487406645DEF327C04E7509F2CB243CF6951187B0F8D49560D121D170D39428A5185EC2BB530300114D8BDD1EE62D1426022D144E6F0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............'... ...@....... ....................................@.................................T'..O....@..................H(...`......8'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ..............X%..`....&......................................BSJB............v4.0.30319......l...0...#~..........#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................S.....S.....@...........(.....(...A.(...^.(.....(...*.(.................:.....:.....:...).:...1.:...9.:...A.:...I.:...Q.:.......................#.....+.....3.9...;.9...C.K...K.q.......).L.........................................s.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\GpfxSettings.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):694344
                                                                                                                                                                                                                        Entropy (8bit):5.693170692975535
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:7IrKcswy0sqCJIIeKeYA2PEWolfgraXD8BWQueeTL6jB2temOOh:cgA2PvolfgraXD8BWQFjB2tenOh
                                                                                                                                                                                                                        MD5:89ED964B3CC9C1F049DE9ACF5109194D
                                                                                                                                                                                                                        SHA1:60DDF5A8C86723E4CCD34364C5B351533203CD41
                                                                                                                                                                                                                        SHA-256:B58AD2B07EA4BB4A4E469E8C86FD41ABF7DCEC207E391568FBCD84ED3D855AA3
                                                                                                                                                                                                                        SHA-512:BA5C305E7D4682B88D8672B03CD2D024D69F1AAC1F1DC049633C32D2ABA421173363A9655F57240F4A153D77669C2D1A6396E6128B289FC41CC5F079609FA82E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.f...........!.....f............... ........... ..............................C.....@.................................T...W....................p..H(........................................................... ............... ..H............text....e... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B........................H........}..T............ ...\..P .......................................O..|...Q.a.../~...W.F.@.9.v...........$.8e..j(x.,..~c%.../.H..8......._.-..Z......Q.05v..=..c}.}....7v;}.n.aQ;.:.`.2QxLh&?N.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.x..`.H..n......L....x......j.....1X1..YZ..x.......&-.....x!..a\.....*.$.R.*..hi..^..........S.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Edm.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):74104
                                                                                                                                                                                                                        Entropy (8bit):5.822025168134447
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:LG4WZKIJyyLjFV+VsWXZWq3Bg5zju4A5XZO3epvDEi:LEKIJyyLjFV+VsWXZWqRgtu4A5XZJqi
                                                                                                                                                                                                                        MD5:6DE0B37CD3ECF9AEF6326D70F2A43075
                                                                                                                                                                                                                        SHA1:1D87A3CCE77EF6CBAD7AFB7BA0A896A3DAF07C67
                                                                                                                                                                                                                        SHA-256:396D052374D853020E81CEA5A4D7F526A86250C79C6D41023D10536B56B16067
                                                                                                                                                                                                                        SHA-512:B8F70993D980CF7F7A25C695E6C1DC3F3828E634D5AE24BE9FABE17047AC754B16C57A0A06F257D27B75E7552B0B4FCB98681D4BEB9F916A15463A4593228404
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G8`...........!..................... ... ....@.. .......................`............@.................................@...K.... ..H...............x#...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...H.... ......................@..@.reloc.......@......................@..B................p.......H.......H...............P ..u...........................................q..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..X.b.Y.Cym.n....;............s....^............Q.......3..F......Eq....3.. =.><N.@nT...%..=......z......i.F..A.|xZ...[.?>..n0..]>W..;..Y..MF.t.....h.u.i.lK=.E......J.......7..|...@.."L.c....H.....b...[G/.....I..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.OData.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):317304
                                                                                                                                                                                                                        Entropy (8bit):5.609823504361557
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:ihZga2HLUskRfg3quEDfvospdKCDptCwyheTEtrVIcJ79Pw+8E0bgpGG:r3rE2trVP5P38Ebpv
                                                                                                                                                                                                                        MD5:E02D98B955729C0D13F50EF715175250
                                                                                                                                                                                                                        SHA1:B9A3758BF9DBC70E1CD67A38821C14AD66282291
                                                                                                                                                                                                                        SHA-256:ACC45D6451C478001A6B3CE2A26814762D8666F1467A8EACF1FDC2A21383D81C
                                                                                                                                                                                                                        SHA-512:1A668061E46ACEF64BA00D167A3CD4EA74E5F0ADBEBB36594E52AEB5B884DFF26B4D10A2EA7F08979A65716615A17FCE079C1DE5B712346A14D3AC71EC017EA8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T@9`...........!................n.... ........@.. ....................... ............@.....................................W.......X...............x#........................................................... ............... ..H............text...t.... ...................... ..`.rsrc...X...........................@..@.reloc..............................@..B................P.......H.......................P ..B...........................................>..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....!,..........R....!`......u.!...nI..iEs..K.".o.#....4.....8...Q.'....._~....&.Y.e.+.s..|{.........:"..O.(.5...E.am..C.M...Ve......"..8]..l....m.......|...........|..S.(..yx.*.......r]..{......_Ul......^..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.Services.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):73616
                                                                                                                                                                                                                        Entropy (8bit):5.889334217691994
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:H39YSip/LDBKGdgua5dZdJnw490Bap9Po9bWl4y/1SgEJE+4ejGeR5/IpNuINfrK:XqFV9KGGzJe5hyyE+4eLkFNfUH1DvRmq
                                                                                                                                                                                                                        MD5:FF7F57565A4BFD8D17396956E101CE51
                                                                                                                                                                                                                        SHA1:14E39325604876AE85EE264E45B504B56A91ABB2
                                                                                                                                                                                                                        SHA-256:5730AB36048756C97DA5E9F044A47764FAF1D8E00AF055F088F6F4B1E11A39CF
                                                                                                                                                                                                                        SHA-512:F3686739C5365DC21BD6A3E11ED0EDFF31CEB769817D940F4E9AA8FC130A8AF6563EAAC5FCBB272C01278677EB6F99561CC2C94F1B504C4106095E33804ACDB1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...EA9`...........!..................... ... ....@.. .......................`......x.....@.....................................S.... ...................#...@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......................P ...... ......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..j....?r..%.....A..K.....z..0Y...../...rB.+|.7i.......P.p.J.z|...........=..r...n...D......1BE..~......s..2E......H..@+.~.p.//...)...qu.....Fa..;..2u...!.....x+j.........#..:P.\AX...........T.W.......jh...\..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):286224
                                                                                                                                                                                                                        Entropy (8bit):5.842154949970451
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:4WeuRdcjmdzDnDggUgtIde4lHotz1LU98JobgOilrD4xc5E6XM8FBOb/H39rvzgH:Vesc8DggUgtIde4lHotz1LU98JobgOiv
                                                                                                                                                                                                                        MD5:5DB93E28C175E8198D6858964CA2CEB3
                                                                                                                                                                                                                        SHA1:9EDA38B7F230B3D47C64CC5D5D304B6E31221C59
                                                                                                                                                                                                                        SHA-256:49B59B2C9BBDC1431F5696866BACA3F8654CFB7EACFF0C7CD16BCD216776344C
                                                                                                                                                                                                                        SHA-512:D43CC2C3028ACF2B069D87B6A5071E34AC365428AC65B1FFF325B55B4147A09FBEB51C7F1A852487735DB0BAE94D7A7839EB03D495DF9FAF5BE39319D71A4C7B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:..e...........!.....,...........K... ...`....... ....................................@..................................K..K....`...............6...(........................................................... ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B.................K......H........G..x............ ..E&..P .........................................v.;...^XU/..t...pe.Ueg.F.N...w..VD.S.e...}......g-.:.B03......$.tIU.px...NK.......].5.O..?.s7...=...pF[.{...A{....AA&.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):69040
                                                                                                                                                                                                                        Entropy (8bit):6.111029426960652
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:w2RsdxLuf95iuJ/ZYNGIPwDDG+3O64OB+EPfRZ8tbnxbj3Jfbt7L9049zOI:THSkmOv4OB/fRZgbxbb7LewzOI
                                                                                                                                                                                                                        MD5:DA4622EDFEE2BF625E2CEB19CDA23AEF
                                                                                                                                                                                                                        SHA1:A9F7004A3C3DE1AB520767EB7DBA2FEFECAD6E88
                                                                                                                                                                                                                        SHA-256:40A01408E0F7889DA0D8E7DABC25B041158C5749BEC015B176E32CA6E0E3ACD0
                                                                                                                                                                                                                        SHA-512:404641BFA1C901D6CA1A1A898000C8EA3C3F038A8391C8DA88C9166F8582CD832EFC96823F2F653923497C80EBAAC42B623BCB9E3CD68C05D0D726C36EC21FCC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.od...........!..................... ........@.. .......................@............@.................................d...W.......P................'... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc....... ......................@..B........................H.......(...<...........P ..W...........................................S..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17832
                                                                                                                                                                                                                        Entropy (8bit):6.666526707660504
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:0Xi1JqqE0vHfrCfWT3Wh7MWHaaboW+Hj+R9zB+e:0ALXrC+exzsHji9zAe
                                                                                                                                                                                                                        MD5:4F7DE1A41D373E9E5F1D060F5EB6C76F
                                                                                                                                                                                                                        SHA1:703CAFEEA7C82E5FDA67AF10A29877050302C4E4
                                                                                                                                                                                                                        SHA-256:DA8C029C4C21D964EBA08B45C06C5AD33633AD95AB8B6F28807F2FCA74E45C63
                                                                                                                                                                                                                        SHA-512:EFDFE58479C8A0850821AAFFFFBFC46CB24396C0B040301B82D795BC3E2B3CE8EC9689BBFC232A039C7FE208051F98198B0DFCD108CD5517FD5D9DF9C433FD2E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!................^4... ...@....@.. ...............................Z....@..................................4..S....@............... ...%...`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@4......H........1..,...........P ......Y1.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14768
                                                                                                                                                                                                                        Entropy (8bit):6.698278803153964
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:VcRYYwOsxKqW0X8WoWGxVA6VWQ4yW/+h+kSobX01k9z3AwwyV:VcyfO6KqW0X8WwxdtK+R9zzt
                                                                                                                                                                                                                        MD5:F6364B1BBBB940A191959576A35C4773
                                                                                                                                                                                                                        SHA1:DF3CA03CB59D3CC1777F0FA3C3AA9AC952A5C5CD
                                                                                                                                                                                                                        SHA-256:8D006B226846076E221371E5D74359730C6758033200C083D420496DA32B72B5
                                                                                                                                                                                                                        SHA-512:FF80FE518BDB32907516FBC7A9FB89F5E517BC94621546F0D47145ABF170E7A49E60902507696E9E6A03DF81FDFC4670A097D4121C28DA5D49F5834371203FEB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................(... ...@....@.. ...............................G....@.................................`(..K....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......L&..............P ..z....%......................................v..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.Y...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g..... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ja\System.Spatial.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20880
                                                                                                                                                                                                                        Entropy (8bit):6.470382517095509
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JXQzj6XNNfs5rWS8cWhyD/HRN7lIrlMtm:lQgfzuDvdm
                                                                                                                                                                                                                        MD5:6358462D6E67042C1094978BC9984764
                                                                                                                                                                                                                        SHA1:C3CDA675A8C0979876583B092FF6E7FFDDE375C6
                                                                                                                                                                                                                        SHA-256:667D7441F668EDA13F3ADC6EA75796529ABE109E063893F56A6AFD4DA6CD993F
                                                                                                                                                                                                                        SHA-512:90B92FE72AC1C745EF06C0DECBD2B505D69243E8B44CC505F6F86D31ED3643AF9F887E7361ABFA49C41511A939DA76E54218B752607BD04AFD6B2D3FF08697D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!.....$...........B... ...`....@.. ....................................@.................................\B..O....`..(................#........................................................... ............... ..H............text...."... ...$.................. ..`.rsrc...(....`.......&..............@..@.reloc...............,..............@..B.................B......H.......p@..............P .......?.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADP4....~.U.$.g....>...j.......N..!...F+.-.`..}......v.".|.J8.........Rg.......5..1...-.J........L....-?..e.!Z.>&.:^(GdN)..2/.i.A.hsL..zL...V...Z.!I_..za..km.n.t5..v...|....................................6...w.......C.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Edm.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):68984
                                                                                                                                                                                                                        Entropy (8bit):5.896452016398392
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:LiW59BlclZfaW5AHwe//18K56eEuZNYG/WMmiePPgbLI0Qwp4KvA:L19BlclZfaW5AHwe//18KECNrXfHI0Qz
                                                                                                                                                                                                                        MD5:DB2C8E9EAD91E04227E7BE04EFD08245
                                                                                                                                                                                                                        SHA1:470249E6B50DDD8A0E0BD715069F9CBE086ED759
                                                                                                                                                                                                                        SHA-256:C8E95B95105ABDF97C9039EEBEBF74D75BC54E28F8EC70DB9737BDE8027BA640
                                                                                                                                                                                                                        SHA-512:D2107E1FB4370F20192D59813EA9576AE9241F6379D9DCFE001D1EAC41F5EB66D5DACD24AB76D3452F3D8CA76057B1217CBE2FE2D6ADFEAC12188AC4164B6DF0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G8`...........!..................... ........@.. .......................@.......G....@.....................................K.......@...............x#... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...@...........................@..@.reloc....... ......................@..B........................H.......................P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..X.b.Y.Cym.n....;............s....^............Q.......3..F......Eq....3.. =.><N.@nT...%..=......z......i.F..A.|xZ...[.?>..n0..]>W..;..Y..MF.t.....h.u.i.lK=.E......J.......7..|...@.."L.c....H.....b...[G/.....I..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.OData.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):284024
                                                                                                                                                                                                                        Entropy (8bit):5.776432042952331
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ur24SNEkcmWc3G3oeYHfDvEbuguhFLfAjFy+3y7aso2YJReJD7Z1QTizplgrbf4n:QSNEkcmWc3G3oeYHfDvEbuguhFLfAjF6
                                                                                                                                                                                                                        MD5:78F405EEF31E50E41B0D1BAF226FAFF4
                                                                                                                                                                                                                        SHA1:1600853D3C83862A026A69A0C8FD9DD358727B80
                                                                                                                                                                                                                        SHA-256:42110B29D1FEBF25CAF327A479B0951689E42499A2C2269D378F78CA48159D63
                                                                                                                                                                                                                        SHA-512:C544C97E0E609BEA7237F3CD4CB327CFA28AB0543A49561EAD057B0EE7DCE4E7702733BB64A9CCFF8D5E23BD22C3918A5F1B0E373C6C96B92004A68F733285C7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...o@9`...........!.....(...........G... ...`....@.. ..............................X.....@.................................pG..K....`..P............2..x#........................................................... ............... ..H............text....'... ...(.................. ..`.rsrc...P....`.......*..............@..@.reloc...............0..............@..B.................G......H.......pE..............P ...$...D.......................................$.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....!,..........R....!`......u.!...nI..iEs..K.".o.#....4.....8...Q.'....._~....&.Y.e.+.s..|{.........:"..O.(.5...E.am..C.M...Ve......"..8]..l....m.......|...........|..S.(..yx.*.......r]..{......_Ul......^..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.Services.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66960
                                                                                                                                                                                                                        Entropy (8bit):6.063917411004317
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:LAANlST3FuYCee8o/L84H27UUQ2Kaiuapf3MVaxHnmxw26jvJR2qXGwAWwpGlACc:MANYT3FuYCN8o/L84H2QUQ2piuapf3MH
                                                                                                                                                                                                                        MD5:BE5FB80D2D4430E661A024FEB8D819EC
                                                                                                                                                                                                                        SHA1:1C969D8FA10FCB31DAF517CCADEAEBA8859752B3
                                                                                                                                                                                                                        SHA-256:E30CDFAC3D516DABD7BA81A4FEBF9A426AF3804674E55DB238BE9736E90FE450
                                                                                                                                                                                                                        SHA-512:BD38187A70C68084FBC2FF968E0CE13756D67820AFD250D9C2149733C752FFB17CD4DB1BFDFD407B6F1B6DE01963D91DD4E2D0E809EC127CC942F559C02730B1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^A9`...........!..................... ........@.. .......................@......0.....@.....................................K........................#... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...............P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..j....?r..%.....A..K.....z..0Y...../...rB.+|.7i.......P.p.J.z|...........=..r...n...D......1BE..~......s..2E......H..@+.~.p.//...)...qu.....Fa..;..2u...!.....x+j.........#..:P.\AX...........T.W.......jh...\..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):264840
                                                                                                                                                                                                                        Entropy (8bit):5.9703100875948065
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:tWeuRTjnp1or+D2gigk/h+TgGecoOrl/Fi2JgiT4n6c6q7hasJvbwHrYx61i5ic+:8es2+D2gigk/h+TgGecoOrl/Fi2JgiTN
                                                                                                                                                                                                                        MD5:F59FA6D6186CCA49CB52E26E20BE6902
                                                                                                                                                                                                                        SHA1:FE29610E3380B301CD4AB423FA9BC1BB2501BE0C
                                                                                                                                                                                                                        SHA-256:DB264D89A50D6FF6BF35E5044F32C494E61CCBEB18A0947E6285D45C9BE8B1F0
                                                                                                                                                                                                                        SHA-512:20F607F158A5E99A4A21949B7D7A6625021F3388076EED759A3D7BFCEECBD7F403A2CFDA8922E5B598DC5059922FBE8B11E985F6EC8C7CCECA012A3CFE2E5BCF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:..e...........!..................... ........... .......................@......A.....@.....................................S........................(... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......@...x............ ..p...P ....................................../.....7..(._b.(...D..R.tZ..z. e..$|.b.F..tx.t.)..0...Kf..2..3'..t.85..kLE.h..f(.N?w........../s.8.v.d.X..5_R...A......ym.V<l..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64432
                                                                                                                                                                                                                        Entropy (8bit):6.238171726809891
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:Ghr0yAXCKIlEVszLxnYXNQr80Y7CPaLYwzOI:c0yAXCKlsA8akwv
                                                                                                                                                                                                                        MD5:4E0FC6F4D8A8CC93BB90EA454181C21A
                                                                                                                                                                                                                        SHA1:BA2FEDDFC7354E246F04E4806B16A362EA73BFC8
                                                                                                                                                                                                                        SHA-256:F6344EC78C6536B3225EF6D7BAF734899833EF3F3B0EBD54FE38364F14AA32F8
                                                                                                                                                                                                                        SHA-512:6EA46F0E2AF83B652B412FE33D265BCFC70C886AB2381D48733453551B7750B3D603FE9C8B2B09A59B1020020DB5AEE1E862E24C089486B8CEAB6A411FCA4DBB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.od...........!..................... ........@.. .......................@......OJ....@.....................................O.......X................'... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...X...........................@..@.reloc....... ......................@..B........................H.......p...<...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17320
                                                                                                                                                                                                                        Entropy (8bit):6.757748895217137
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Di1+EQlS2CqvZ0WQZ6B4lvTWhIMW6aabCS+Hj+R9zBke6:M+PCMZ0WQIB4l50zmVHji9zf6
                                                                                                                                                                                                                        MD5:6D31A905C2DC1997C3856D8EF0C22F26
                                                                                                                                                                                                                        SHA1:EE4FDBF6D676E4C9ECA7BBED33A1808DC722521B
                                                                                                                                                                                                                        SHA-256:657B883753E1D9FBCFB3774AD303DB473EAE25B03D653B90DF73AFFAEA775DFB
                                                                                                                                                                                                                        SHA-512:93682225ED5D818299030E12EDFBB7CDC115885BCFB7CF2D2F465F188695BEF07001F28203069957C920591751A0BC2F914103D221A641AC0454FCCEC40430FF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................2... ...@....@.. ....................................@..................................2..O....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......p0..,...........P ......./.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14712
                                                                                                                                                                                                                        Entropy (8bit):6.659076628175672
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:6kc+BYrXIzx2qW0X8WqAEWvkJ0f5AbVWQ4CWDgkByGI+X01k9z3AbQgzacL:6kcNrXIt2qW0X8WLQaabUtNrR9z+QgOk
                                                                                                                                                                                                                        MD5:1ED8A41EF40FC43611FC7CAC3E4D6800
                                                                                                                                                                                                                        SHA1:657C7F35630BBDC66FA4C819C97CEC697862A1E6
                                                                                                                                                                                                                        SHA-256:26D251C3221516ABE6FDC439858B8048D96D821DA8DA9494B28FD260048AB056
                                                                                                                                                                                                                        SHA-512:54E345E87D572FD1F4DC202266E3AA48EDA612D1AC24461BD5F5F559FDF0D162A1A6404C62E1CC146310798A5B5EE182816F16352199F03EABBB97EFFECE071C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................(... ...@....@.. ..............................~.....@..................................'..O....@..................x%...`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H........%..............P ......G%.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.@...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.m... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ko\System.Spatial.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20344
                                                                                                                                                                                                                        Entropy (8bit):6.518834273342429
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:kXGDzvYsMpVy2dqKfjTTPNrWSvmWbD/HRN7W3U3LlkQdSU:UGJ2dqKfjTT1TDvmI
                                                                                                                                                                                                                        MD5:C1EAFEA2C273928BC89CBE6CFAD4082A
                                                                                                                                                                                                                        SHA1:72C27238110A72FA63480F816B32C9EA8A503E66
                                                                                                                                                                                                                        SHA-256:0FFE8EF0A169544C91A151194323CE650E48817B728FC93A99850E90EFE413B7
                                                                                                                                                                                                                        SHA-512:FBF0C5017632C494D18EFF113E912175E5892812EA38F03C192D8E3215ED986B6C42F01C4F166EBFC4EDCE233AE9CDCB3DD2612D0EDD85D5895092A58E50C70D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!....."...........@... ...`....@.. ...................................@.................................p@..K....`.. ............,..x#........................................................... ............... ..H............text.... ... ...".................. ..`.rsrc... ....`.......$..............@..@.reloc...............*..............@..B.................@......H........>..............P .......>.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADP4....~.U.$.g....>...j.......N..!...F+.-.`..}......v.".|.J8.........Rg.......5..1...-.J........L....-?..e.!Z.>&.:^(GdN)..2/.i.A.hsL..zL...V...Z.!I_..za..km.n.t5..v...|....................................6...w.......C.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\pl\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17784
                                                                                                                                                                                                                        Entropy (8bit):6.479300417534518
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:kOpi14nvfOaHC/OqiWh7MWoeaabjtdVUB3R9zFG:kOKki/9VzbVUP9zE
                                                                                                                                                                                                                        MD5:9D70C37D6BA1D8F06C6794AC63A5D6D9
                                                                                                                                                                                                                        SHA1:BB7F52CAD6B05C82426C80E36A35F42B19735384
                                                                                                                                                                                                                        SHA-256:2B22EEE4DED5DD04A6FB91EA91F51C8EE1A4785AC9CCD7B8FACAE0446337DDF7
                                                                                                                                                                                                                        SHA-512:32D59701BFFF0710F98044951938C19B4211BA5A7CD3EA71B3228B77B7B7E002A4A8F842BAAE23EFB2C0203694ECF6162CFFA0BBF8FF4F2EDD0BDFC5C493C941
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................2... ...@....@.. ..............................l|....@.................................P2..K....@..@............ ..x%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................2......H.......$0..,...........P ..T..../......................................P..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\pl\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14728
                                                                                                                                                                                                                        Entropy (8bit):6.641687902347687
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:LcXy4UAx0W078W2FWGxVA6VWQ4+W45m0yGI+X01k9z3AbQNT6:LcXjUe0W078Wkxd5k0NrR9z+QN
                                                                                                                                                                                                                        MD5:86FF41F74245798DF2FEEFCAB547A5B1
                                                                                                                                                                                                                        SHA1:16C0D0E4BAE1E03F84E3A8E4E193B4C548A705F5
                                                                                                                                                                                                                        SHA-256:E1D5D9A9009427BF9F79E770A0DA6CAD17EE6ED7B37FA6EE24ACE8FE2DD65B5D
                                                                                                                                                                                                                        SHA-512:7455FEEC0542DD069407760E497A4B826411484E0BC1B762BE4A292859E70488B5AAAE94F568A1906E83EF0BB28003F0C28BE924DD766BD6C9706F7458BFAD59
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!................n(... ...@....@.. ....................................@................................. (..K....@...................%...`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P(......H........&..............P ..<....%......................................8..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.=...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.|... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\protobuf-net.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):297560
                                                                                                                                                                                                                        Entropy (8bit):6.63984686008641
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Ws9o38N4o37q+5tdwTjJ7aplFC5VgG/lo9J:Oc5tduju8VH/lcJ
                                                                                                                                                                                                                        MD5:9EBFA0174D9EB54114C0A9DC790A3806
                                                                                                                                                                                                                        SHA1:30A0E33D9D85F9EEA3BF849646C56DF1D15196C8
                                                                                                                                                                                                                        SHA-256:718DD2EC29523B912A10580CAC7B651CA6C6F3086DEDAC3F7C7507341F3EBFAE
                                                                                                                                                                                                                        SHA-512:5002F1E4A078C8915FD32E4F3D988D8E53D86DFA69F814E4ABC1FAAB96690B75D484BD3440E68806EC9475B29F30BFC9BBA0A770D5A1223CC9AED6C920AD73E5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H............" ..0..X..........vw... ........... ..............................).....`................................."w..O....................b..X(..............p............................................ ............... ..H............text...|W... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B................Vw......H.......$8..p.............................................................(Y...*..(Y...*..(Y...*..(Y...*V!..>q.[...sZ........*:.(Y.....}....*..{....*..([...*....0...........o.........(....*&...(....*..0.._........(........!..Y.5)....(..... .....~\...(...+*...(]...(....*r...p.(.........@...o^...(_....(....*..0...........o.......(....*..0...........(F.......$..Y.5\...........~\...(...+...(....*.(......!...........!..........+.~`.....+.~a.....+..(b.......*r/..p.(F....@...(c....(

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\protobuf-net.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):286808
                                                                                                                                                                                                                        Entropy (8bit):6.5396018402337095
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:REhfaAGys6YWGXRqgZZ9lHb+ollMWsPPs:Dv3cw9lHbvlMfPs
                                                                                                                                                                                                                        MD5:59DB0E0571D4A66060ABF1C99ABF2B37
                                                                                                                                                                                                                        SHA1:B686EBCD59C1C56191114DD888FE7950320BBF6B
                                                                                                                                                                                                                        SHA-256:874B082E81542A6FEDE4FC3E560109C423A6A49BC35E9A89B6CAAB9C25A0E874
                                                                                                                                                                                                                        SHA-512:FF04F4599958065ADC9FA18BE591773223AC6D532DC7D215561F65EC38B631AF93237657A1A3A452ECD4DF16B0679A2D143A6173BE393E5CA89640D69723A1F5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............~M... ...`....... ..............................{6....`.................................*M..O....`...............8..X(..............p............................................ ............... ..H............text....-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B................^M......H........~..@...................@.........................................{2...*..{3...*V.(4.....}2.....}3...*...0..A........u........4.,/(5....{2....{2...o6...,.(7....{3....{3...o8...*.*.*. Z$P1 )UU.Z(5....{2...o9...X )UU.Z(7....{3...o:...X*...0..b........r...p......%..{2......%q.........-.&.+.......o;....%..{3......%q.........-.&.+.......o;....(<...*..{=...*..{>...*V.(4.....}=.....}>...*.0..A........u........4.,/(5....{=....{=...o6...,.(7....{>....{>...o8...*.*.*. ... )UU.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):252552
                                                                                                                                                                                                                        Entropy (8bit):5.284806345975782
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:1WeuRTj9u8XPd8gdg2UC4WWzyDJVn0v//kogL1EaAE8iqBIp4BLzEorS:EeoVd8gdg2UC4WWzyDJVn0v//kogL1EI
                                                                                                                                                                                                                        MD5:8E4A3D8903B506F865D52A68E6291DEA
                                                                                                                                                                                                                        SHA1:D0558C3B8632A7739C12821C5A4137ACA39DD1BF
                                                                                                                                                                                                                        SHA-256:E9B61C6E6F98601B98F066D069C5373A23C431DB4356260A9DB5946BCF4C4FE0
                                                                                                                                                                                                                        SHA-512:E506CFEDB45B148094892229794AB2DA03FA372EC286B876288F1CC5FF5594E54B0AB8D2A00538BEBF2B3928988B6EB275B004621AAB620292EC1AED5FC576F6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;..e...........!................~.... ........... ....................... .......r....@.................................,...O........................(........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H...........|............ .....P ......................................7+..<h..0PV...R.Z>h.....72..hEFQ...,.E'..`..}..aus....%..&:..+_V....=..W3].n.K7..HNr....h?...t.$.U.\(>..5..|Q.V....`.>~.i'..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):62384
                                                                                                                                                                                                                        Entropy (8bit):5.716086002016108
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:vG2aRvs3voODoAILNob8lRSQL6YULBwzOyL:O2aRvs3voODoAILNobIRSQL6YUFwv
                                                                                                                                                                                                                        MD5:AA01ACA3A52F9C91DE74E2B3C0403C1A
                                                                                                                                                                                                                        SHA1:F4FC6FF9B4FB9F979142334F941A77E89FC97A49
                                                                                                                                                                                                                        SHA-256:7F63ACAB35564254D40CBAA433E532F5D653D732D8478AF5A5FBFDF15DB41792
                                                                                                                                                                                                                        SHA-512:67BCC7AD9E7A3630D8A6B4AAE5D8276600E8483BC07DB7036BA9BAB54B8F89EDB9934A28C5DACA702B6D636E921181E73B0B37B7B73453A01D7CACA526C387B3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.od...........!................~.... ........@.. .......................@............@.................................$...W........................'... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................`.......H...........D...........P ......]......................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17320
                                                                                                                                                                                                                        Entropy (8bit):6.490220976400999
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ci1VqZx+HActmgIMzlk/WhUMWpaabufR00R9zoulhF:vPHA/gIMzw/zqp049zoghF
                                                                                                                                                                                                                        MD5:23BBB835302CEA7D2229E4F30507C3C1
                                                                                                                                                                                                                        SHA1:CBDDC31E40DA264F98D6A5FE29BAF471FD856CFB
                                                                                                                                                                                                                        SHA-256:BBB21455FBF17CA3CC3DB9AB8BC8802A71A2814B88D15685481801F0F1F4D755
                                                                                                                                                                                                                        SHA-512:4C919528E3B5112F58A6FD0BCFA3D4ACC2D5D5CD6239FD4C4BB7218866C42529C4EE16537E68529845C36658EAB60664A55DE643B5A5A4E8DBB8E2BCEAA04701
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................1... ...@....@.. ..............................k_....@..................................1..K....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......`/..0...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\pt-BR\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14712
                                                                                                                                                                                                                        Entropy (8bit):6.578701635000726
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:pOfcUQip0UgxTW048WKyWvkJ0f5AbVWQ4+Wu0mWHq4NPsWFX01k9z3AcpRBjJssa:pmcxU+TW048W9aabaqq1FR9zdpRtJW
                                                                                                                                                                                                                        MD5:ACC39C0A1ADFF709C2A66C2470DD9A19
                                                                                                                                                                                                                        SHA1:7BEC2C740CC57419FE19BD972F688D19B7879A4D
                                                                                                                                                                                                                        SHA-256:B0B296A76FD5B00027896169CF4665BDFC00F1DED1FA5223E9308BFFAEE6A76C
                                                                                                                                                                                                                        SHA-512:C4084715CC17672373EE86F2E1196414F94162E5ED88F673CA85827725B3464FD980EFD571255C29245C0EFD316D120B63E78B66C32C792E5C48A641877F7B6A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................(... ...@....@.. ....................................@..................................'..W....@..................x%...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H........%..............P ......&%.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.+...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.O... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.Edm.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):82808
                                                                                                                                                                                                                        Entropy (8bit):5.473752848301619
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:LnPyWImhA5Stjks/JSOIMQaupQKr6nET3rzPaQUFRuoSsv4:LnPEmhA5Stjks/JSOIM7qr2ETbzPa3Fc
                                                                                                                                                                                                                        MD5:50FCCB611BCC0D23C6A3C7FF01A1ABCC
                                                                                                                                                                                                                        SHA1:C826BC88270AF96BEF9EF4ED00760711B7BE4DB2
                                                                                                                                                                                                                        SHA-256:219348D3E35373A7C524BE53E66D301C171E3867E3B661671134DFBD7E6EBA80
                                                                                                                                                                                                                        SHA-512:BE241CED77CD74BB2F2F6BDA83A823E370924051221BAF18CBE663046A6C545A92E8AFD21C92D341EA824C5E0EF44073E151E7826C1DD193B4958F722DDCE424
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G8`...........!.................4... ...@....@.. ...................................@.................................`4..K....@............... ..x#...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H.......h2..............P .......1.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..X.b.Y.Cym.n....;............s....^............Q.......3..F......Eq....3.. =.><N.@nT...%..=......z......i.F..A.|xZ...[.?>..n0..]>W..;..Y..MF.t.....h.u.i.lK=.E......J.......7..|...@.."L.c....H.....b...[G/.....I..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.OData.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):357240
                                                                                                                                                                                                                        Entropy (8bit):5.189275457421004
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:+9gy5ov8utAUa/sluHaOkQBiDerKub61kPQ:9y5ov8utAUaEEHaOkQBiDerKub61kPQ
                                                                                                                                                                                                                        MD5:F21F639769DDB35A61691E91AB3D104A
                                                                                                                                                                                                                        SHA1:56DD1E93B7F995848C0009CAD4650919DD97AC4F
                                                                                                                                                                                                                        SHA-256:8AC2B34D41E30FFB4FE544AFFE641292E1AB4A712FF27C3907106133E9854450
                                                                                                                                                                                                                        SHA-512:D3ED87F58145D33CB829B003E8FB27AE2A8FDB547F5BD5B1C29F9819485D7AE08A0F4A0B504C0006E7171F2E3781408C5C56B3B35B29C53C56A32D79B4867833
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s@9`...........!.....F..........Nd... ........@.. ....................................@..................................d..K....................P..x#........................................................... ............... ..H............text...TD... ...F.................. ..`.rsrc................H..............@..@.reloc...............N..............@..B................0d......H........b..............P ..0A...a......................................,A.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....!,..........R....!`......u.!...nI..iEs..K.".o.#....4.....8...Q.'....._~....&.Y.e.+.s..|{.........:"..O.(.5...E.am..C.M...Ve......"..8]..l....m.......|...........|..S.(..yx.*.......r]..{......_Ul......^..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.Services.Client.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81784
                                                                                                                                                                                                                        Entropy (8bit):5.544676133750194
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:FGqF7Wtzdf04nGdtxZdGnoHD+MIK0kyuroJDvk8x5Eh:xSds4GdtxZdGnc+IyuE5vkIE
                                                                                                                                                                                                                        MD5:9E4B12439D9C4883B21AA1A99F5D746F
                                                                                                                                                                                                                        SHA1:7BACB6425AC8AF8FE9F218042263FBBC9D6ED8D3
                                                                                                                                                                                                                        SHA-256:A4325321CB5EE2371C1BA10EAF621F35F49F4C7FB45486871F444F2AE753311C
                                                                                                                                                                                                                        SHA-512:261FBF6913434185C4FA6279F4CF4FA280DC1CB625A33D534616300EDF97E7DB406C4751FBFE32B9CA19F1728C39761F8202F12B6920151EB4350AB128422F15
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...aA9`...........!.................0... ...@....@.. ....................................@................................../..K....@..................x#...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H........-..............P ......6-.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..j....?r..%.....A..K.....z..0Y...../...rB.+|.7i.......P.p.J.z|...........=..r...n...D......1BE..~......s..2E......H..@+.~.p.//...)...qu.....Fa..;..2u...!.....x+j.........#..:P.\AX...........T.W.......jh...\..

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\Microsoft.Data.SqlClient.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):341520
                                                                                                                                                                                                                        Entropy (8bit):5.3345551949262635
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:QWeuR0YyxxyUD9npg3gtXp6Miv1KbvjcPFiSt1gOgyzrpe3IVdE8i5LGJ9V0/2DW:Ne0Wnpg3gtXp6Miv1UvjcPFiSt1gOgyo
                                                                                                                                                                                                                        MD5:2EA2634505DB15192406B4EEBEC85F0E
                                                                                                                                                                                                                        SHA1:8BB09EE5A1BC74D9C14239460CC2E534D4A3ED05
                                                                                                                                                                                                                        SHA-256:68305E004F955B86D6ADAB087D6BFD5A33DB4E99DE086CAEDF04BA856987B0B3
                                                                                                                                                                                                                        SHA-512:1BA053F507E9DEED1BDD73A6C908C8C6D3C5810A7535DB8A1A700493F01F126B6463A8B6B384766A8A75ACDBE1BF622EB2DF263E19591208128D33F3FE1B4B1E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;..e...........!................."... ...@....... ...............................k....@.................................t"..W....@...................(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................."......H...........x............ ..*...P .......................................h..N...._..XV}(..(.Df.X...V.......(...:...........Q.)3....A7cc.k...v[..H..N...^.h.7.&0.H(..:..0$.]<......].q-..u.......&..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.........9...}.>........VD..Q..'.!...Q.._.../.....R.........c.....7..3:...E...K..........a.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\Microsoft.SqlServer.Management.SqlParser.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):79752
                                                                                                                                                                                                                        Entropy (8bit):5.698709570077113
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:2TtTUz1PDQYy76Lo1DNLxoaMPRbZ6mDL5jzR:etQz1PDQY46Lo1DFxoa6RbZ6mDlj
                                                                                                                                                                                                                        MD5:23FCA2ED889D3F39DB52215D04E36BC0
                                                                                                                                                                                                                        SHA1:FF563A84131C67E2958E49AFD646D24E97A4A915
                                                                                                                                                                                                                        SHA-256:EB545B32E96D1604A3635ECAE7BB4B7B2854742C7C39EE681D4F3B31F317EA58
                                                                                                                                                                                                                        SHA-512:3BCCFFEBDBEBD3B27C6246FAC6CDB83943FA5AD7C9E93C94B1010F0DA23D3954056CDDCA33A4F02CC15DAA745A1268FB98DA5BB37C7B076856F68721D405AC7C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v.od...........!................>%... ...@....@.. ..............................Sl....@..................................$..K....@...................'...`....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................ %......H........"..<...........P ......1".....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....B.......PADPADP.]....*.t)......\../..(...~P.,.U.G[h.....8C..I............W...y..J.#Xs...w.r...........V...>{...0........t..]G......H....GU.........U'..].....K.i.K.4...y...5.....5..$..=b8.....X.#..gK...Gc..G.....A....+.:.A.W...

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18808
                                                                                                                                                                                                                        Entropy (8bit):6.609816709562167
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:gX/i1NR8N+NTCaoUkEBO5MWrI9aabCzoRoR9z2JgO:gXYMSCaolE0W9z+h9z2H
                                                                                                                                                                                                                        MD5:DC989A4652FFF0FB3E549048D7F814EA
                                                                                                                                                                                                                        SHA1:46D31B207D1ED72AD4872A464337F8916E347E55
                                                                                                                                                                                                                        SHA-256:255755C8A171CBEDA25F2EF48FBE2287E809D87234A0031349050DEB48020D00
                                                                                                                                                                                                                        SHA-512:E1489E927B71ACEB8A7E571241246BDE61CA603ED50457B3D7AE88F367FD23284604A807D6A7C741A3658442297CF44A402F0414976443AEDF9C5A7D506D8DB6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................7... ...@....@.. ..............................QY....@.................................<7..O....@...............$..x%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................p7......H........5..,...........P ..?....4......................................;..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14768
                                                                                                                                                                                                                        Entropy (8bit):6.783435156328605
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:oyctgQGu+wV41xSHLI8WIWGxVA6VWQ4WWQhnnnIH+BEg7X01k9z3ABKjF7m:oycyhw+/cU8WQxdHhvR9zeKjs
                                                                                                                                                                                                                        MD5:694568BC39CA7381F813B5CE0C7EDE94
                                                                                                                                                                                                                        SHA1:E0647D7F29CB88171AF0A5B9D489D9DAF9C3609A
                                                                                                                                                                                                                        SHA-256:BAB87262BA2C09BF098723DF92714DA3625FA5C41B105236D3E8211BB6D589BA
                                                                                                                                                                                                                        SHA-512:55D995BE39669F41EB80C8771C7BB6386C7933996F39B57FBF553AABBDDCFADEAF76F31C0E4C036FF69FEA7EF47518E800FD3BCAC528BE8D4439CC70A237956A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................)... ...@....@.. ..............................eG....@..................................(..K....@..0................%...`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B.................)......H........&..............P ......J&.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.T...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g..... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\ru\System.Spatial.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22392
                                                                                                                                                                                                                        Entropy (8bit):6.32388645036619
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:YXR0BSi6Sf4/qVmWtVD/HRN7WNbb3LlkQdSfkR:oCxLDvPQ
                                                                                                                                                                                                                        MD5:8082911E1F772F8EE42F7390CAA2C65F
                                                                                                                                                                                                                        SHA1:FD9EAAB4B4C62CD1EE535B8B0C237F6CE394568D
                                                                                                                                                                                                                        SHA-256:594A5807B5080FB29375EE9CD1D2DC8468CC94B4E59CD30215322BA5ACF2CF89
                                                                                                                                                                                                                        SHA-512:2CC42DA7890F6FE4B2D123EB5160F8834527DB5EAD26937569F656A7195C0935A87DA4393428F324BFB8FA50D63B5A06C0DCDBE1486E450D4AEFAD198F11BE6F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F8`...........!.....*...........H... ...`....@.. ....................................@.................................@H..K....`..p............4..x#........................................................... ............... ..H............text....(... ...*.................. ..`.rsrc...p....`.......,..............@..@.reloc...............2..............@..B................pH......H.......TF..............P ...%...E......................................}%.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADP4....~.U.$.g....>...j.......N..!...F+.-.`..}......v.".|.J8.........Rg.......5..1...-.J........L....-?..e.!Z.>&.:^(GdN)..2/.i.A.hsL..zL...V...Z.!I_..za..km.n.t5..v...|....................................6...w.......C.......

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\tr\Microsoft.VisualStudio.Threading.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17320
                                                                                                                                                                                                                        Entropy (8bit):6.517971291255097
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:1i1nDRZHyHFh1OEyeWhPMW5aabGpQ1cYR00R9zoue:Wvylh0vNbzSQ049zoL
                                                                                                                                                                                                                        MD5:9C9196E08F25AAC29B7793E1DE5F4FA8
                                                                                                                                                                                                                        SHA1:227E3BDBA150CBF37B37D7B26852DD8151C919BE
                                                                                                                                                                                                                        SHA-256:03665BBBEAD3A96ACE560BEB38140A64C259D82D0C20F9C2F99DF10A5DA62BB4
                                                                                                                                                                                                                        SHA-512:18EDB325392BF24F5DEEE7906421A3E614B56E3065BC4910D6F9D65EE21186BD3B822A7D8D66357198516AA2462AEEE3C3D4DFD0AC261B0559C7BF9624130EAB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................1... ...@....@.. ..............................O.....@.................................<1..O....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p1......H......../..,...........P ..=...........................................9..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP'G...q...>.<.[...P.R?...,.o.T.Q.-...O.....Dd./ .....}.).Ev...fj.U..........0s.A5..O...O..Zx............;...T...H...S.......T.......M...............................#...`.......h...........s...........NA.p.p.l.i.e.d.S.y.n.c.h

                                                                                                                                                                                                                        C:\Program Files\Citrix\Broker\Service\tr\Microsoft.VisualStudio.Validation.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14256
                                                                                                                                                                                                                        Entropy (8bit):6.731583436017123
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:xcoBLyVAsxsW0/8WlWGxVA6VWQ4yW7r5GiQTb8o+X01k9z3AqOoxtJkD:xco2A6sW0/8WxxdKr5rI+R9zV3wD
                                                                                                                                                                                                                        MD5:4D4339D2B62B1E756C16CB81C8C0D3DD
                                                                                                                                                                                                                        SHA1:5C8AEF0254F1FFD5A5C9F182038A1061DD18ACE2
                                                                                                                                                                                                                        SHA-256:1D5C9C13E90ED0DE33FEA11BC4B1797F09459D64FC0CE1D5A862A9833A16B46A
                                                                                                                                                                                                                        SHA-512:0AD649280BE18FFF19280885E82E2FE34163643049CE861C528F79934A4A3F49FEE238E2DADDFD3DDC3184AC9E823EBA1EF1612ED6D510A7A40376FCEFCE6EEB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z.d...........!.................'... ...@....@.. ...............................m....@.................................x'..S....@...................%...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......d%..............P .......$.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP#....../.a.I.E$.aL0/].6.S.`..Bf...m+...h.......T...................3.......&A.r.g.u.m.e.n.t._.E.m.p.t.y.A.r.r.a.y.....$A.r.g.u.m.e.n.t._.E.m.p.t.y.G.u.i.d.%...(A.r.g.u.m.e.n.t._.E.m.p.t.y.S.t.r.i.n.g.B... A.r.g.u.m.e.n.t._.N.o.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfiguration\InstanceTypes.xml

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81629
                                                                                                                                                                                                                        Entropy (8bit):5.009354982248744
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:YQQV8My4NqCLR26jwZ8b5w1UmQ+kLtk3hAw:RQV8MyWqCLR26jwZ8b+1UmQ+kLtk3hAw
                                                                                                                                                                                                                        MD5:71FA8419E6E9901F61BE07C257DE6F5A
                                                                                                                                                                                                                        SHA1:BBB2B2AFFB5A1DCF6A771C546BD5D6AE67CDD99B
                                                                                                                                                                                                                        SHA-256:3C916310D8584422ED98E5461B9905B0A9A4F1E21D3C15941B46F76C2D0D567B
                                                                                                                                                                                                                        SHA-512:0CCE18CB1EE7AA3ACD9FC522DB98775C7E74B10BD1373DBC8D9E13454FA3294825F10707441743842BD963AE8F4E399E69323A29F9248158B86268DBDF4A19EA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8"?>.... ..AWS Instance Types....This configuration file describes the AWS instance types.....AWS instance types are documented by Amazon, but they are not available through the API, so XenDesktop services..are unable to discover them dynamically at run time. This configuration file stores the descriptions in such a way..that they can be ammended manually.....As with all system configuration formats, this file must be edited with care. Please ensure that the rules of the..XSD schema file are followed. (The XSD schema file can be found in the same folder as this XML file within your..installation.) Mistakes in this file could result in no service offerings being available for AWS-based cloud..connections, or in exceptions being thrown from the Citrix Host Service.....-->....<InstanceTypes xmlns="http://www.citrix.com/2013/xd/AWSInstanceTypes".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="htt

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSConfiguration\InstanceTypes.xsd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1833
                                                                                                                                                                                                                        Entropy (8bit):4.7203714212415155
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:cC+D0XDtRHFpPSs5slSsBsWsRsss+s9lsrsks8hg:qD0zTHTP1W
                                                                                                                                                                                                                        MD5:F4C21EF8AA2DF05ECD4F393D8EC214D8
                                                                                                                                                                                                                        SHA1:ABB6C9A9BFEA1AA850AD56A0BE444DFFCD890841
                                                                                                                                                                                                                        SHA-256:C6CFB59446F7120064B54DB7A4D49E065B3BD8D67069EE38E9ECF1952E39FC1D
                                                                                                                                                                                                                        SHA-512:DC4D108D5E1426DC9B068D879F5F876F26CE341A35CB3C1F7280472C68E4029E0A4AD4ABCFF12E160D151C43671190D97CBDBE69DDFBFF9937B409E547A35569
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<xs:schema targetNamespace="http://www.citrix.com/2013/xd/AWSInstanceTypes".. xmlns="http://www.citrix.com/2013/xd/AWSInstanceTypes InstanceTypes.xsd".. xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns:msdata="urn:schemas-microsoft-com:xml-msdata".. elementFormDefault="qualified">.. <xs:element name="InstanceTypes" msdata:IsDataSet="true" msdata:Locale="en-US">.. <xs:complexType>.. <xs:choice minOccurs="1" maxOccurs="unbounded">.. <xs:element name="InstanceType">.. <xs:complexType>.. <xs:sequence>.. <xs:element name="Name" type="xs:string" minOccurs="1" maxOccurs="1" />.. <xs:element name="MemoryMiB" type="xs:decimal" minOccurs="1" maxOccurs="1" />.. <xs:element name="EC2ComputeUnits" type="xs:decimal" minOccurs="1" maxOccurs="1" />.. <xs:element name="VirtualCores" type="xs:decimal" minOccurs="1" maxOccurs="1" />..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSPlugin.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):365128
                                                                                                                                                                                                                        Entropy (8bit):5.897510641690518
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:/rPfQ8CuNsxpsl86BZURpwGeIER1DJn+Q6BSHsh+otfwkBIL9sWX:/0Csxp96BTVm4kBIL9sWX
                                                                                                                                                                                                                        MD5:89259CF420AEF8253D66550AD7CCCA7B
                                                                                                                                                                                                                        SHA1:687C6CEBA079F67666A239A128416A3C7F27B298
                                                                                                                                                                                                                        SHA-256:C39E05D658ED779CE577339095542989E61C3BA58A0A6BF08CAA3D039EC5B81F
                                                                                                                                                                                                                        SHA-512:C0EA5D32A20797855AE16607C9312FAF551DB13CF562979894DBB44B5EE660C3361BADBA0CCFFE2965C523C3286471DA8B47F577F0F52C9F407A24C2E7813DB3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..b..........J.... ........... ...............................E....`.....................................O....................j..H(.......... ...8............................................ ............... ..H............text...P`... ...b.................. ..`.rsrc................d..............@..@.reloc...............h..............@..B................*.......H...........`............n.......~........................................('...*^.('..........%...}....*:.('.....}....*:.('.....}....*...0..........~.......o(...&.*..()...*.0..;.......s*...%r...pr#..po+...%rA..pr...po+...%r...pr#..po+...%r...pr#..po+...%r...pr#..po+...%r...pr#..po+...%r3..pr#..po+...%ri..pr#..po+...%r...pr#..po+...%r...pr#..po+...%r...pr#..po+...%r'..pr#..po+...%rI..pr#..po+...%rk..pr#..po+...%r...pr#..po+...%r...pr#..po+...%r...pr#..po+...%r...pr#..po+...%r.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1973872
                                                                                                                                                                                                                        Entropy (8bit):5.306940159353833
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:nvvgonqg7BN/0D/VQeZI9rIcFY6ti0YeWEw0mF4AsqUnvJyjXlTg3OtCtagUPcM7:nvvdn5BNWVQQcFY7XeWEwxF41qrL
                                                                                                                                                                                                                        MD5:AEB341CE82582B6B9981340F398596D0
                                                                                                                                                                                                                        SHA1:A1C29800336568F1C80EF13346C453134A216E03
                                                                                                                                                                                                                        SHA-256:6E8882CB4DEFE7ACBB35F336CB3BFF595707C31D18C88E131FE97EAA735654ED
                                                                                                                                                                                                                        SHA-512:D6B8AE94B6172E561943AC19E8D04BEEFF6FB1613D37CF798E36779175EA5398055BB545959185CECD2A6DF5A848051F908634CBFA614C327E302602520FF0BD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C............" ..0.................. ... ....... .......................`............`.....................................O.... ..................p....@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........s...u..................P.........................................(Z...*..-.r...pr...ps[...z.-.ri..pr{..ps[...z..o\...(....*2.s]...(....*..-.r...pr...ps[...z.(....(^...r...pr...po_...*..-.r...pr...ps[...z.-.ri..pr...ps[...z..o\...(....*2.s]...(....*....0..{........-.r...pr...ps[...z.......... .#Eg}...... ....}...... ...}...... vT2.}......+.....(......@X....i.@Y1.....i.Y...ij.jZ(....*..0...........@........(`.........(a..... .......8/.....8.(a.......(....+%....(.....@

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EBS.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):74352
                                                                                                                                                                                                                        Entropy (8bit):6.187175197951705
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:i1BPbB1s4O3nx3mmPjEvgvdD1AcMB4xzhxlMrg/7RxP:q31GB27B4xzhcg/T
                                                                                                                                                                                                                        MD5:1D5CADE1200F61A02CD23BBC96B61E78
                                                                                                                                                                                                                        SHA1:02D739EABD9BC9BB60DD95F321B568F168233CD5
                                                                                                                                                                                                                        SHA-256:18C033C5600138CFC59497E5290FB82D95A32D583D867032FA3068D0524EFF6C
                                                                                                                                                                                                                        SHA-512:DD6E21D8A3CC85436B938BBCE9FE4414915D2EECF38619E4EEFBF90B972F033150FC4271DF4DAA0019800BDABF23DCADF9D0340E6B9E8C651AF317C8B82F7A29
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`............`.....................................O.... ..................p....@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........a..d............................................................r...p*..~....}.....(....s'...((....r...p()....r...p(*....s....(+...*.r...p*.r...p*..{....*Br'..p(,........*.0..M.......s-...%(....o....%(....o....%(....o....%(....o....%(....o....%(....o....s/...*.~....*.~....*.~....*.~....*.~....*.~....*..0..........s0...%.o1...%.o2...%.o3...%.o4...%#.....8.@(5...s6...o7...%#.....8.@(5...s6...o8...%....'....o9...%....'....o:........s0...%.o1...%.o2...%.o3...%.o4...%#...

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.EC2.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):3371632
                                                                                                                                                                                                                        Entropy (8bit):6.057145847184148
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:sjAOpjDoQ7Hmj57+aq/em+iUwb89vbHYHgQWhqE4VIZkER5za9fd0GCZBXMWLMEa:AAOBgRMRofsXGoNkRc8HyR
                                                                                                                                                                                                                        MD5:81459C068A8B2C0DA67C26DD1267D415
                                                                                                                                                                                                                        SHA1:C1220193B51786F1043FF6A801291577810A0DC3
                                                                                                                                                                                                                        SHA-256:3A6B1417A9A3EE9826D6141588ACFC94D1F738014A79E14DB460BEB1336F0878
                                                                                                                                                                                                                        SHA-512:CFB06101CB9B67BCCF49546A559E56D7C8435E1CB39BC5EB9ECBA3CD2F265ADA615F3DDCB18E3818D4E4E1CFC1E2EA63BAC2F3E9B1BC78C89AB97A2FFB2794B7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}............" ..0..83.........RW3.. ...`3...... ........................3.....$.3...`..................................W3.O....`3.<............D3.p.....3......U3.T............................................ ............... ..H............text...X73.. ...83................. ..`.rsrc...<....`3......:3.............@..@.reloc........3......B3.............@..B................4W3.....H.......d....l".................pU3......................................0..........~....:....s..............(......(..........(....(....o.......8.......u.........(....:......o....o....r...p.o....,k..o.........i.3[....o........(.........(....-=...o....,3..o....r...p(......o.....(....,.~........s~...o......X....i?X...~....*.0..O.......s`...%.oX.....-..r#..po[....*.o.....(.......o....,..-..rU..po[....*.....o.....*n.{....-...sLg..}.....{....*F.(....s....(....*b.(....s....%.o....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.IdentityManagement.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):616560
                                                                                                                                                                                                                        Entropy (8bit):5.964402515201315
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:Y9h6LSSKlVXcSBcOFp17Z5QMv6QA/eop3TpFZNZlPOtxdJdxn8mLzfBVwo6rAtz8:Y9h6LSSKlVXcSBcOFp17Z5QMv6QA/eoh
                                                                                                                                                                                                                        MD5:C37FE92C0C57C2EB96A1099983473FEA
                                                                                                                                                                                                                        SHA1:FC356B76E4DA9E3719B89C57FF378E0DA4D69698
                                                                                                                                                                                                                        SHA-256:3D28E73BE5BE7328E61ADE3051FB3264B235A6C760DA1B25A016267356CD66A0
                                                                                                                                                                                                                        SHA-512:452A8F470437136F912A220EF1F389BAE6644B07E2863F63ADEA7080F5E7FADF080CCFB92571F41FC7C6EDDBE2C0686DFD8F20B88F4A2C63BB97BD9A2FFCB938
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C............." ..0..............L... ...`....... ..............................3.....`..................................L..O....`..$............:..p...........dK..T............................................ ............... ..H............text....,... ...................... ..`.rsrc...$....`.......0..............@..@.reloc...............8..............@..B.................L......H........n.......................J.......................................r...p*..0..T........~....}.....(....s....(.....r...p(.....r...p(.....(.......%-.&~....(.....s)...(....*.r...p*.r...p*..{....*Br'..p(.........*..0..M.......s....%(....o....%(....o....%(....o....%(....o....%(....o....%(....o....s....*.~....*.~....*.~....*.~....*.~....*.~....*..0..........s....%.o....%.o....%.o....%.o....%#.....8.@(....s....o....%#.....8.@(....s....o....%.........o....%.........o.........s.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.S3.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):838768
                                                                                                                                                                                                                        Entropy (8bit):5.846375980325014
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:HrhynQX84uxG5YRrXHKhRF7L/KGCjhEOT9rP0kpo9j:HrhynQX8cYR7CjKGy21J
                                                                                                                                                                                                                        MD5:DAFB5A6A6176A5FCF369DA94C254C4AC
                                                                                                                                                                                                                        SHA1:E876F32043F5EDC6B6CEC43AD51302680B7F07E2
                                                                                                                                                                                                                        SHA-256:EEC21BE0CE2BE3625F878D44555C53512B618A326C9F2CBD0DE258360772E410
                                                                                                                                                                                                                        SHA-512:96F290EC4DC6916E6ED5497364A372F99B911D0C44D22D5CEC44CEAB9E9B8BBDCDAE242D4493FBA4357D6A1B72CDB9399A900CE2C81EF37E3A77EA7136000BF0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ..............................I.....`.....................................O.......................p...............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.........................................................................{P...*:.(Q.....}P...*..0..)........u..........,.(R....{P....{P...oS...*.*.*v >.". )UU.Z(R....{P...oT...X*..0..:........r...p......%..{P......%q.........-.&.+.......oU....(V...*...0.................(....r3..p(W.....(X...-..(Y...(....sZ...rk..po[.....-.*.s......o....,9.o......o\...o]...,%.o........(^...,..o........(_...(....*.~....*6.(..........*.~....*.......*.~....*.......*.~....*.......*....0..*.......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\AWSSDK.SecurityToken.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):99440
                                                                                                                                                                                                                        Entropy (8bit):6.157321747534108
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:TTIErx8cW2Cohs0kkFPeXCG9lDLthhdjGC85HSsNg/7lxx:91PW2Cohs0kEPMb7D5hhdjGCnsNg/B
                                                                                                                                                                                                                        MD5:28E7DBA8857E55F2B1B030520EC71231
                                                                                                                                                                                                                        SHA1:988EFE9188A63E453ABB7C2F0E05C43E1EED26E4
                                                                                                                                                                                                                        SHA-256:BD83BBF7C4EA848194ECE701D95D373FF2E462063ED780CDE0F41ED8773188D5
                                                                                                                                                                                                                        SHA-512:1BBE7E09D61A6D2632747FA867EFDE0D8636D4BAB23FF9E9EBCA7F48A6220E90E54E0C071548EBEAB2E059F203F4E1918BC8C70E1BCE9269ECB9A2880EB4895C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3U............" ..0..J..........zh... ........... ...................................`.................................&h..O.......@............V..p............f..T............................................ ............... ..H............text....H... ...J.................. ..`.rsrc...@............L..............@..@.reloc...............T..............@..B................Zh......H........}..|...................xf.......................................0..F........(!...o"...s........o........r...p.s#...z......o........rs..p.s$...z.*....................*..7.......0..........sE...%.oC...%.o=...%.o@......,}...o%...o:......o&...%-.&.+)~....%-.&~..........s'...%.....(...+(...+o7......o*...o4.....o+......(,...,....o+......(-...o1....*...0................(.......o......oL...o.....oL...o.....oL...o.....oL...o....s......:.r...p.(/....s$..........(0...(1.......o

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\BlankVhdTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.9485815165593214
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:G/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh/7N:erZn7y/EGuH/cpin7
                                                                                                                                                                                                                        MD5:DF6E116B0D811CC974DCEF1792F8A907
                                                                                                                                                                                                                        SHA1:D5E96D8029268AE433FFFE58F2EB0891B6D3BDAA
                                                                                                                                                                                                                        SHA-256:9126D4AD4D71CAB4394973C8D2A57B6B9777649244931F4516CC2558CBCA4A6C
                                                                                                                                                                                                                        SHA-512:5945DBD72D9185DAA686831C544451E36D12E83A51A6F65E0205894CDEC22E79353F3FFEF93F4B2CD41BF73D2C66A141CEBA16ACA1AB2B67B13B71690669DF38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix....................win ....Wi2k.............................+.d.OL...W................................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.HCL.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.641765707043487
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:fEF5H8cTNlAlsys5y/pSU96ppG7JewIYiArevVAM+o/8E9VF0NyHiscMQ:f6BDBQIvppG7JeZYiRvVAMxkEsB3
                                                                                                                                                                                                                        MD5:F09C4821B3E7C25CA445E8A16324B79D
                                                                                                                                                                                                                        SHA1:A61C27BABF80BE9EA13E087EE4EB59167EF98248
                                                                                                                                                                                                                        SHA-256:1AD2203660F8B15635F95C90F45634861AB4F782FE647C7977C76125C5CDF533
                                                                                                                                                                                                                        SHA-512:E2E5E49CD926B140C9B120F6FEB38778D2F96B3B1B6A55F54D96C92B0DFB892CB3EA98316F9EC6E32C8B8F16AC77CA966E5AAE585AB75D220DDD55373F055EE0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........C... ...`....... ....................................`.................................0C..O....`..t...............H(..........4B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...t....`.......&..............@..@.reloc...............,..............@..B................dC......H........#..4....................A........................................(....*:.(......}....*..(....*~.(......s....}......o....}....*..0..+.......(....%%-.&.........+.(.....%-.(......s....*R.{......(.....o....*.0..}................-..+..o....( ...-....o.....o!...("...(#.......(.......(......-..+..($...-(.,%.o%......(&...,...o%......('...((...&.*....0..$...........()...-..+...(*......(+...(,...-..+..-.(-...+.(.......()...9......(/.....(0.......-'.{......(.............$.....o

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Authentication.Models.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.738944150774985
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ZsQLxuNtRtyZPJBTIYiArevoCbAM+o/8E9VF0Ny58Y:6U0PtyZPJBcYiRvLbAMxkEAY
                                                                                                                                                                                                                        MD5:8EFBE7AFA76BFB08ED1DBA339F2997EE
                                                                                                                                                                                                                        SHA1:2C353D78FEA351F0EE196C4351C91DD9C144A2EC
                                                                                                                                                                                                                        SHA-256:5110D6ADA044AB0692E6192726EA572EC1554595F423CFE21CDCA42B37061BF4
                                                                                                                                                                                                                        SHA-512:9367DA4B851665B9E3EF9CDB920496302CB1E9BF1A18CF58061F58F23273AEDDE31377E413637CE6A279E945DD75CE52A460C886C54DA03DBB2EB40A9CD6207B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............" ..0..............2... ...@....... ..............................[=....`.................................m2..O....@..t...............H(...`......|1..8............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................2......H.......d!.......................0........................................(....*:.(......}....*...r...p(......}......}.......}....*..{....*.r...p*..{....*..{....*...r!..p(......}......}.......}.......}....*..{....*.r)..p*..{....*..{....*..{....*.r1..ps..........%.rE..p.%.rO..p.%.r_..p.s.........*n..rq..p(......}......}....*..{....*.r}..p*..{....*BSJB............v4.0.30319......l...H...#~..........#Strings............#US.T.......#GUID...d...4...#Blob...........W..........3....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Aws.Batcher.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.709007854449378
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:KE56RpGpsCpBViT8DBJLQIYiArevkAM+o/8E9VF0NyDspw:uXYKT8DBJL5YiRvkAMxkE5gw
                                                                                                                                                                                                                        MD5:1102FC66F612754C05D116845FF3FE8A
                                                                                                                                                                                                                        SHA1:D373E844C8E003B8C4908621E3C4203A94474683
                                                                                                                                                                                                                        SHA-256:0F00FBFE8676BB257628776B79EC1E4C3D1C617DE35CDDCC69FC5D1496EA7EBE
                                                                                                                                                                                                                        SHA-512:A80068B9EFD675BDAFCC25E78F65AB924714B247F4A05C2329956FE283ED548A070652C885C8DB91D78C5646CED3B45AD10F546589E4A0BAF885AF0669EF0798
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....N..........." ..0..............4... ...@....... ....................................`.................................I4..O....@..8............ ..H(...`......t3..8............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B................}4......H........".......................2........................................(....*:.(......}....*..0..D........s....}.....(......}......}......{.....s....}.....s....}......}....*.0...........{...........(.....{......{....{....o ........{......{....{.....o!....{....{....o ....{....3(..{.....{....s....}.....o"....s....}........,..(#.....,d. ....o$...-J.{...........(......{....3"..{.....{....s....}.....s....}........,..(#.....o%....o&...*.o'...*........}...........5.......F.{....%

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):69192
                                                                                                                                                                                                                        Entropy (8bit):6.264733602895141
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:cpzUlctlFuJbvsrc7rvBwzqKeJ48+jUEcmBbUypbQSvSTRJ307Ngxx:cNUEy57LurYElwypbQSvSTRJ30h8
                                                                                                                                                                                                                        MD5:A2C8CA22B2E02CA78C1EA9EDC2FEB3AF
                                                                                                                                                                                                                        SHA1:6670DE0969B24A95EDA2D6BE22265356E4E2045B
                                                                                                                                                                                                                        SHA-256:EEDA7BB49EB75253F75B4CDDF57CED2AE979F565D1CB51C6BD0F5D6B61A40EC9
                                                                                                                                                                                                                        SHA-512:E2CAFCC5D5F5930EE95D88A917A23A4713196F647CE4C7649A86F3FC0B08071E99FFFFAD7470466607BA12EA4B1572AFB6E7B47795E83EF65D3DF6D3AC263020
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@....... ....`.................................U...O.......................H(... ......l...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........Q..............................................................(M...*..(....*^.(.......[...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*.0...........,z.u\.....-y.u]...,...]....+m.u....,........+l.u......-s.u....,.........+k.u....,.........+d.u....,.........+].u........-\+kr...p..+o...+j..(....(......+Z........o......+I.(......+?..(......+4..(......+)..(......+....(....o......+..(....(........*.0..?.........(......,...3...+...(.....s ....+...(!.....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.NgsTunnel.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):56904
                                                                                                                                                                                                                        Entropy (8bit):6.217499635766494
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:jMMWQu+s+f+yXl6uGhDuX6UXfq1gZl7NgxP:wRQunujX6UkKlhM
                                                                                                                                                                                                                        MD5:C2778ED46F59ECE4F4FF642E40DDCE18
                                                                                                                                                                                                                        SHA1:CC914C0B6B1BA99C39896D7026729C345461F90E
                                                                                                                                                                                                                        SHA-256:DAC1BBE7A53FCC0D246876476E4630D758120B2D8AF0D801B5B84151F84CB6D7
                                                                                                                                                                                                                        SHA-512:47D94230E6153B1170960AFF102619742B6C1DB37B36995FC195944048415CA380CCED1E35C78DA16C06B6FF2F08A83DC48AF9B520CF9902AEC854F8A4C3E3CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............".... ........... ....................... ............`.....................................O.......,...............H(..............8............................................ ............... ..H............text...(.... ...................... ..`.rsrc...,...........................@..@.reloc..............................@..B........................H........W..tq..................t.........................................{....*..{....*..{....*..{....*..{....*..(......}......}......}.......}.......}....*....0...........u........|.,w( ....{.....{....o!...,_("....{.....{....o#...,G($....{.....{....o%...,/(&....{.....{....o'...,.((....{.....{....o)...*.*.*....0..y....... ..@' )UU.Z( ....{....o*...X )UU.Z("....{....o+...X )UU.Z($....{....o,...X )UU.Z(&....{....o-...X )UU.Z((....{....o....X*....0...........r...p......%..{....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Citrix.Xaxd.Utilities.AssemblyResolver.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20552
                                                                                                                                                                                                                        Entropy (8bit):6.667489560107046
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:SzvR3JuBw+ZsElzh2Vka3DWJLftIYiArevjcHAM+o/8E9VF0NynX:eIwGlLqka3DWJLyYiRvjcHAMxkEx
                                                                                                                                                                                                                        MD5:B4FB4C4B348D4E0DF8BFF4FFF8886AE1
                                                                                                                                                                                                                        SHA1:7B0AD08BB995968BD504EECA407E582B2C96EFA1
                                                                                                                                                                                                                        SHA-256:FC2E6A213C4C87B628706F77D91E7A92C4D0EFC7348039BC07FA1E41213F8163
                                                                                                                                                                                                                        SHA-512:67C48215EE3A47A138C685AA62C869C39A882BC37C45CEBC852E1C3CBBD28747E5613668986141F7EB9E6501790B5F1CFAB7CA5D39DCABD4A02EE74035918FC7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3s..........." ..0..............<... ...@....... ..............................Q.....`..................................;..O....@...............(..H(...`.......:..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................;......H.......|$......................D:........................................(....*:.(......}....*..0..?............(....o....o....(......(....,..(....(...........s....o....*..(....*..0...........(....,.*..r...p(.......(...%.r...p.%.r7..p.%.rY..p.%.rm..p...(....-..G.......+*.........(........(....,.....(....`....X......i2..,.(......&..*..................0..........s.......o....s ...}.....{....o!.....(....,..*.(....o"..........s#...(...+...(%...,[(....o&....+:.o'....{....~....%-.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\CloudCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):297544
                                                                                                                                                                                                                        Entropy (8bit):5.955561104840421
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ngcK+GHYFlQO97FfyttsAqYXlSFYWXH1s+m:nvGQxytqeohm
                                                                                                                                                                                                                        MD5:47F4B775C00B8562CBED5B42B0735CE4
                                                                                                                                                                                                                        SHA1:6BB92316909B8F68223C621F4331749D9809DD31
                                                                                                                                                                                                                        SHA-256:A69F03AA415BED9522A70A4456FFE67CA7175FA3EB5CEC3D03319EC1B3657910
                                                                                                                                                                                                                        SHA-512:15947AA1F732F7379325EDD3AAA573419CB49B35D3CC8820B64F108040CA9D14361D4260E2E79ECE107EAE5EC22288EB069C5A1561664EA22D05D40258F82A6D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....4..........." ..0..X...........v... ........... ....................................`..................................u..O....................b..H(...........t..8............................................ ............... ..H............text...pV... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B.................v......H........|..8............f......lt........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*..{....*"..}....*..{....*"..}....*..(....*B...(X.....}....*..{....*.r...p*..*..0..%........(a...%r#..p.(.......( ...(!...o"...*r.(......}......}......}....*V.(......}......}....*..{....*..{....*.0..a.......sT......}|....(......}}.....}.........U...s#......V...s.....sJ...}.....#.......?($......W...s%....s&...}.....{....o'........X...s(....s)...}

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\DiscUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1011784
                                                                                                                                                                                                                        Entropy (8bit):6.001140300190096
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:QCmGf6qsJNLfnU9PbbpRTf1FgvSCCquyFY150:dJSLfnU9Pbn9FYBCq6u
                                                                                                                                                                                                                        MD5:A4DE4231E573C4586A3ADFB3F6E4497E
                                                                                                                                                                                                                        SHA1:EBD421F798FE937BEADFFD96FD0AC501FEAB1F2E
                                                                                                                                                                                                                        SHA-256:BA7AF306AC79D0E1438405D2681334B0F260D34C495AAA4755549F3CE61CB857
                                                                                                                                                                                                                        SHA-512:76953B2521787C35EDA8AA4625C33AFE92497B65F04B9A4B0E682D390E2DE47A91099EA7C1B84638F390502793C1A8171AAB85C5E787008C80C4F23B05AD47B8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..@..........b>... ...`....... ..............................U\....`..................................>..O....`...............H..H(..........8=..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................D>......H.......@B...t...................<........................................(l...*:.(l.....}....*v....(m.....}...........}....*..{....*"..}....*...0...........{.....{....j]i..-O..{....],..{.....jX.on...34.(o....{....op....(o......oq.......{......jX}......*.{.....{....j(......{.....jX.{....j(....%.Y ....j1.r...psr...z.Y.......(o....op....(o.......ioq.......Y(s...........(t.....{......jX}......*..0..<...........3...{....X.+...3...on...X...j/.rA..psr...z..}.....{....*.0..F.......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\HypervisorsCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138824
                                                                                                                                                                                                                        Entropy (8bit):6.148850658916972
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:y33DPnEZQttmdS6Wa2EJjtpUGzhv95Awth4G3LatfNFAfhrU:oTPzJ6W12DqNFWrU
                                                                                                                                                                                                                        MD5:D7F11F4F22DCA93BF7B5FD7C744EAC83
                                                                                                                                                                                                                        SHA1:9AEB0DEC0688737E25CA13CB159B0F3A618F6BCF
                                                                                                                                                                                                                        SHA-256:A5DB70A8D4AC887F562012E02CF349E36898ED112B8BAC9B747B7F23D1661A77
                                                                                                                                                                                                                        SHA-512:B71504CAE7132E0E5F93266F074AD9EDB0120A02C43C7583A7D1E62A5695BBCB812D087481CDAA75B8A37B6A52E757305367E281384BBCD4B0EECEB1E50EEDC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.<..........." ..0.................. ... ....... .......................`......^>....`.....................................O.... ..,...............H(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...,.... ......................@..@.reloc.......@......................@..B........................H............\..................L.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*..(.....r...p(.....r...p(.....r...p(......(....*r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..J.........s....}.....(......} .....}!...("......-..........+..(#...}$....,..o....*2.(%...o&...*..{$...*2.(%...o'...*..{....*2.((...o)...*..*..{*...*"..}*...*..{ ...*....0..;........(%...o+....{!..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Microsoft.Bcl.AsyncInterfaces.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26752
                                                                                                                                                                                                                        Entropy (8bit):6.512503595653532
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:DulwnBhYlTVv2wK5idcgF4of1n6K9zUYJ:ywHYFtKYdcg/f1nXzUYJ
                                                                                                                                                                                                                        MD5:970B6E6478AE3AB699F277D77DE0CD19
                                                                                                                                                                                                                        SHA1:5475CB28998D419B4714343FFA9511FF46322AC2
                                                                                                                                                                                                                        SHA-256:5DC372A10F345B1F00EC6A8FA1A2CE569F7E5D63E4F1F8631BE367E46BFA34F4
                                                                                                                                                                                                                        SHA-512:F3AD2088C5D3FCB770C6D8212650EED95507E107A34F9468CA9DB99DEFD8838443A95E0B59A5A6CB65A18EBBC529110C5348513A321B44223F537096C6D7D6E0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$:............" ..0..4...........S... ...`....... ....................................`..................................S..O....`...............@...(...........R..T............................................ ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............>..............@..B.................S......H........'..P*..................,R........................................(....*..(....*^.(.......1...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(.......2...%...}....*:.(......}....*..{....*z.(......}.......2...%...}....*V.(......}......}....*..{....*..{....*:.(......}....*..{....*..{....*"..}....*..{....*"..}....*..{

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\Newtonsoft.Json.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                        Entropy (8bit):5.967185619483575
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
                                                                                                                                                                                                                        MD5:195FFB7167DB3219B217C4FD439EEDD6
                                                                                                                                                                                                                        SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
                                                                                                                                                                                                                        SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
                                                                                                                                                                                                                        SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O......................../.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\PvsVmTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.95065153461183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:D/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh8jXTBxGQe2p4UEcGQ6xJYm:LrZn7y/EGuH/cpiUTk0
                                                                                                                                                                                                                        MD5:DB3BDCDEDC59E29178B7F54D87B41C62
                                                                                                                                                                                                                        SHA1:02A9DFB053A6D2B25A2460065FC55C2A4CCB7B75
                                                                                                                                                                                                                        SHA-256:A0D7D172F50026F44AFE728DB76EBA98CFFF859CBE9C620EAF30D748229662C1
                                                                                                                                                                                                                        SHA-512:B27BCED021D8B5D9816A5277D526D34756A93A0C193EC6B3821C227BB43E5CD8E6CE90083CF0637DD82E50407E2A28802A527B98BAB1EAB8E55432B264980B52
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix...................win ....Wi2k...........................l.....<......#...............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\PvsVmTemplateForPreparationVM.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23078400
                                                                                                                                                                                                                        Entropy (8bit):1.1328074820682268
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:KrZn7y/EGuH/cpiBn6A9s0erAGCrZn7y/EGuH/cpiBfd+:yUDuH/c8N9s0+wUDuH/c8
                                                                                                                                                                                                                        MD5:14CF8A6B711753773D9971A6D1D98436
                                                                                                                                                                                                                        SHA1:806EC3E61015DB6E86AE6A6E7B65C4A24A004E24
                                                                                                                                                                                                                        SHA-256:6F26ED14F678EFECCA13B003F2E218429C455D037A2D37E8220EB3A7EF8BCED6
                                                                                                                                                                                                                        SHA-512:E380A0CD483AFC4E0BB1CD80DEC4D2BA62B419B2291AF894F4B4A7F0385C94C1CFE17DCD33B758F124DB799D6EC28FBC487C6B28645FFDC7BE034A377B47A131
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix................(...sdb ....Wi2k....@.......@.... .?...........W....-...GL............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....u................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\StandardSocketsHttpHandler.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):233472
                                                                                                                                                                                                                        Entropy (8bit):5.877859797546977
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:geRFqpNtJXhWrUjf0TdtFsp13fWaVbQugoBFhsWS/JEzu0Czlmi4IglPqwX:zuRsbTp83fWadQZoBjVP/flSw
                                                                                                                                                                                                                        MD5:BF45E91ABF5E766CFEFCFC90E2ED1D7F
                                                                                                                                                                                                                        SHA1:2D8829AA8F1D5DC4758309BF1DBAFC69D5A44729
                                                                                                                                                                                                                        SHA-256:237899763C0869C2AC057BAD4FA43BA0159D2931AC43486093DBE93EC17A8CA9
                                                                                                                                                                                                                        SHA-512:E995BD3F5C15294DA92B1C68E9D9C721EEA1E21AA6DC3BFD9B2312A152EBDEF9595055C60CF776D6069A9F91DEA8C1D52F3BE60C4423787AA71D31E46E4A67CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....m..........."!..0................. ........@.. ....................................`.....................................K...................................t................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................L.. w..4.........................................(....*B...o.....Y(....*....0..c........-.~....*..X.Y.+...X....0...o....(....-.+...Y...2...o....(....-...Y.X..,...o.........o....*.*~....*..0.................(.....o......(....*...0..,.............-..+.........o.....(.....X.(....(....*.0..K.............-..+.........o...........-..+.........o.....(.....X.(.....(....(....*..0..k.............-..+.........o...........-..+.........o...........-..+.........o..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Buffers.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20856
                                                                                                                                                                                                                        Entropy (8bit):6.425485073687783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
                                                                                                                                                                                                                        MD5:ECDFE8EDE869D2CCC6BF99981EA96400
                                                                                                                                                                                                                        SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
                                                                                                                                                                                                                        SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
                                                                                                                                                                                                                        SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):173232
                                                                                                                                                                                                                        Entropy (8bit):6.261323355738202
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:bNcLPcNABKuTwIxpRoZgM4U2Ny1jb54rbHXrwZ2F3c:p1NAB9qZgM4U4qnQwl
                                                                                                                                                                                                                        MD5:ECA216927ED487613B7A042FC643BD8F
                                                                                                                                                                                                                        SHA1:030BBD6D404138A5DE6AD850269985372C89D9EB
                                                                                                                                                                                                                        SHA-256:5B8CCDDA36486950DE37484C25E1334376431E52176C32F87DD730690B273E3B
                                                                                                                                                                                                                        SHA-512:C234B5A11E14B5DA6CC940BC0D989C0F64C73E66CFE62970ECDB5DB37F1E86A163861987A947A3C6FE93291557356F1F1C1FBBFA2187DD61F4A9235C1E374E78
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'..........." ..0..p.............. ........... ....................................`.................................s...O....................|...(..........t...T............................................ ............... ..H............text....o... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B........................H...........(...........4................................................{....*:.(/.....}....*..0..)........u%.........,.(0....{.....{....o1...*.*.*v ..yN )UU.Z(0....{....o2...X*..0..:........r...p......%..{.......%q'....'...-.&.+...'...o3....(4...*..{5...*:.(/.....}5...*....0..)........u(.........,.(0....{5....{5...o1...*.*.*v ..:. )UU.Z(0....{5...o2...X*..0..:........r-..p......%..{5......%q'....'...-.&.+...'...o3....(4...*..{6...*..{7...*V.(/.....}6.....}7...*.0..A.......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Numerics.Vectors.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):115856
                                                                                                                                                                                                                        Entropy (8bit):5.631610124521223
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
                                                                                                                                                                                                                        MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
                                                                                                                                                                                                                        SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
                                                                                                                                                                                                                        SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
                                                                                                                                                                                                                        SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):78976
                                                                                                                                                                                                                        Entropy (8bit):6.105061710610473
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:4OO7OOOc2yIDmBkKQh3rt7jUGyRG/mz4CRLf8ocVW4t72bfQZHzp:fyMmXQh3rNjUFG/mk8f8owW4s0ZHF
                                                                                                                                                                                                                        MD5:C77AE3414D78C1F082C65415FAE69661
                                                                                                                                                                                                                        SHA1:3B35461D86A774535AC226CA9706FB50332DE20A
                                                                                                                                                                                                                        SHA-256:C792BFE3F43C894E20339252D159A96A20CCC6E13322B2D382570FF97939E501
                                                                                                                                                                                                                        SHA-512:08941BA8BE5031CC4E363A916525437C62B409576C91C10FC72795FAA10BC989F0D1797B576802E208DFE4305A4447C0299E2755BA92F97F531DE1F56FD5865A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....u............" ..0.................. ... ....... .......................`......<.....`.....................................O.... ...................(...@..........T............................................ ............... ..H............text...0.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........m......................H.........................................('...*..('...*..('...*^.('......8...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*^.('......9...%...}....*:.('.....}....*:.('.....}....*..0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X((.....R...((.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X().... ...._.S...().....d.S*..0..&.........+....(*...G...Z.(......X....(+...2.*...0............(+.....1...(+....Z.:..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Text.Json.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):582320
                                                                                                                                                                                                                        Entropy (8bit):5.99177382417674
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:Bo+rY8ZyAVNXL1VPGSEiWqJHsiEg2A9fLF:BhxXXrPGS6A7h
                                                                                                                                                                                                                        MD5:B7083FFD5D2BBBE83C6B439196838D78
                                                                                                                                                                                                                        SHA1:17B58D7F1CFFE4C1DD8E8246E127C949F4066D85
                                                                                                                                                                                                                        SHA-256:D14DBC34F6824757E6F6AE758B05F76C447F96F8D75BE3C4B8286FCC5A388B30
                                                                                                                                                                                                                        SHA-512:6C82D0F3B8E65DB99AA6F3973A6CB69CC9D02EFD3C3CC55AF03F01D5318360054E004EA4BCB53A2A7CF5DC1C0D77DC9183B479654CF88BBAC7B263FC68C61B16
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ......+.....`.................................i...O........................(..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........S..............`O...w............................................(J...*..(J...*..(J...*..(J...*^.(J..........%...}....*:.(J.....}....*:.(J.....}....*:.(J.....}....*..(J...*:.(J.....}....*.0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(K.....R...(K.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(L.... ...._.S...(L.....d.S*..0..&.........+....(M...G...Z.(......X....(N...2.*...0............(N.....1...(N....Z.....(...+.+...(N....Z......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25984
                                                                                                                                                                                                                        Entropy (8bit):6.291520154015514
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha
                                                                                                                                                                                                                        MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
                                                                                                                                                                                                                        SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
                                                                                                                                                                                                                        SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
                                                                                                                                                                                                                        SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\System.ValueTuple.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25232
                                                                                                                                                                                                                        Entropy (8bit):6.672539084038871
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
                                                                                                                                                                                                                        MD5:23EE4302E85013A1EB4324C414D561D5
                                                                                                                                                                                                                        SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
                                                                                                                                                                                                                        SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
                                                                                                                                                                                                                        SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ...............................H....@..................................2..O....@...............$...>...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\de\CloudCommon.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.729842973131839
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:bHltnJrG/jwXIYiArevzAM+o/8E9VF0Ny0+F:FG/jwYYiRvzAMxkE5F
                                                                                                                                                                                                                        MD5:D5F5F9F7B6ED12E0C166F56D65F84440
                                                                                                                                                                                                                        SHA1:2E58D6574457266C0472E8AB0F2AAFAF21A1A203
                                                                                                                                                                                                                        SHA-256:1F4DF7A17E9548CC7905F799F53B4EDAF6DDF572B46A024AE315D710DC36D5CF
                                                                                                                                                                                                                        SHA-512:34797FB739314626D74947E058BEF2C8F39AF8AB2B595EAA2116D64E98FF93D0915854D99257E0C5E7212AC840D1038FE3BD5F7E51332737695585D3184F4017
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!.................3... ...@....... ....................................@..................................3..S....@..................H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......(/..`............ ..X...P .........................................X.)c.~@.........4....EWn....1..=S..}.t ..s..s1*)i.i...X....^...^.@7..h....".9......6.....^.i*ags*xq+A..\I.I...^.cK.T..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)jw.. ..A.k.i.zs....h.....X.)fP.[...w...{.{....6...6K[}B.W.PV.#Z..ww..}..~h...................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\es\CloudCommon.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.622161022521884
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:/tKMLr6Q/jw3IYiArev9AM+o/8E9VF0Nyn//:cM3R/jw4YiRv9AMxkEB
                                                                                                                                                                                                                        MD5:F470E771757D1D1CEE572EC526EADF17
                                                                                                                                                                                                                        SHA1:099DD3F7F3CCA8A609B1C4E205B5D9988C870BBF
                                                                                                                                                                                                                        SHA-256:AEB1984614421D5CFBCAD8566D93AD0F5079DB6FCAF3DCE7A542C9F432FF9C03
                                                                                                                                                                                                                        SHA-512:441BCADFC453BC748A0D34DFEF0727F6B4B54D610EDC4E1E77517437D03D12ABEDC7620C06DFA1E30B2DD0B37F166923A17CA3E05D937BBF45E05E3F1A5418A8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!.................3... ...@....... ....................................@..................................3..O....@............... ..H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H.......L/..`............ ..y...P ......................................%...8..Qp.....i.U...C...B,..?..3..E.h.~Kq...u...[n:.... f=.D8..XrkZ...K..,.'a........D...Y.C..`..o.@....{.h...L[.S@.q.`Wu..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)jw.. ..A.k.i.zs....h.....X.)fP.[...w...{.{....6...6K[}B.W.PV.#Z..ww..}..~h...................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\fr\CloudCommon.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.653415056182722
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:oCTHKO7O/UWxdsrg/jw1IYiArevSzAM+o/8E9VF0NyM0:vmTzIg/jwCYiRvSzAMxkE5
                                                                                                                                                                                                                        MD5:A3E74B1ABB44ABF11695192D5845C93E
                                                                                                                                                                                                                        SHA1:01EA48C7B8AEAACA536E5356FBB4CE8977EDCCBF
                                                                                                                                                                                                                        SHA-256:A45457EBD3B00E80575E8B5D96C3F85F26BD1AACDEB17F6DAA8844651C81CA0E
                                                                                                                                                                                                                        SHA-512:63C048FB9B0B5F361AA5EFF76F65332F5AF357E34BB13DDBEE7A01393A1DDFF4AFA840B54C189CE1167427974C7320ECD194B2ADC90D1AF6F915BBC24E4EC704
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!................N4... ...@....... ..............................xT....@..................................3..W....@............... ..H(...`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................04......H......../..`............ ......P ........................................FVP...BM.~...T.y.@T.?...P.e....8G*o. ..X...k....$h[%6$VML.hy..;..P.......^}o...6Mu.aR....g...'yDi\..;q..`ZZ_.ow..l..l2...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)jw.. ..A.k.i.zs....h.....X.)fP.[...w...{.{....6...6K[}B.W.PV.#Z..ww..}..~h...................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\ja\CloudCommon.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19016
                                                                                                                                                                                                                        Entropy (8bit):6.803323488295445
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Kzq9X4zurW/jwoIYiArevg9AM+o/8E9VF0Nyc4bT:3XTW/jwxYiRvg9AMxkEn
                                                                                                                                                                                                                        MD5:CAC591EDC8D006B4D33FB2B5266B12A4
                                                                                                                                                                                                                        SHA1:A3867EF9AE6DB584153DDF708F83F83C42328A93
                                                                                                                                                                                                                        SHA-256:BAE912274759FB5175FB48883F2CB1566CB7B2B240E33A00F8F44F9E3960F104
                                                                                                                                                                                                                        SHA-512:6BE3EBF8FC0FF5DB7E97B45CA83FFDF45F775EF50CE60DC7347C6B522151DD0B920D14D2279537F64E1BE6088E690C6B253428B5AF6CDAA75D752C32CA12AD76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!.................6... ...@....... ..............................V%....@..................................6..S....@..............."..H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......82..`............ ..f...P ........................................].1............Az4t...L.W..%_&.@^.e"..Y.-.p.....u......R.iS.mLj....5.o.......,{e...i..^.........i....J.#..#.....mm6b..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)jw.. ..A.k.i.zs....h.....X.)fP.[...w...{.{....6...6K[}B.W.PV.#Z..ww..}..~h...................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AWS\zh-CN\CloudCommon.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17480
                                                                                                                                                                                                                        Entropy (8bit):6.915619826317733
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:BN7OoOs/jwQIYiArev5AM+o/8E9VF0NycGy7r:Gts/jw5YiRv5AMxkEK
                                                                                                                                                                                                                        MD5:ACA8F6FABC3EEF84535A3016ED850DF8
                                                                                                                                                                                                                        SHA1:5A22D3663A71AC09E9CD5CF94D16297C7DF7181D
                                                                                                                                                                                                                        SHA-256:A221F856E357FF895708FF9B07B6C1D292C5553E4738C3455CF0B72D405DDB01
                                                                                                                                                                                                                        SHA-512:F6D42FD4007651A2654A27B9421CC7193E2D804BF19238722310EE9A5462AA783FD4FA8D4955A060C2F0D828597EDDD7AF45FE400CF0FC58A1CA55DDA7FF9E7A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^.f...........!.................1... ...@....... ...............................'....@..................................1..K....@..................H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......<-..d............ ..l...P .......................................5..JJ>..o.)^#mU..Ms.ob<.i...s........H-Q.8Dg.Z....E..m.Fd..esi+..8%....\..j..4..L..^4|....h......-...'fD..B..7!...q....;^h..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)jw.. ..A.k.i.zs....h.....X.)fP.[...w...{.{....6...6K[}B.W.PV.#Z..ww..}..~h...................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\AddIns.store

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23324
                                                                                                                                                                                                                        Entropy (8bit):5.581822270131917
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:YX0i0Jb6ahb6zg6D/O3unzg6E9bE6qvbfkgKkcOg6Q9TdQPio00VrWhR/TRtnW9n:K/D5S2
                                                                                                                                                                                                                        MD5:6C5FFA370765ADE24AD4A39D27543062
                                                                                                                                                                                                                        SHA1:4C6BD82F6A277A1B12E6F946508131A4941D8C4E
                                                                                                                                                                                                                        SHA-256:ABF617EBA3AD91DFD2FB1DDAFE05E6F0B939FCDB44F54DAE77A070A0F6474773
                                                                                                                                                                                                                        SHA-512:3C5E1D03615026D71363BB850AE67311011F66F128421FE33A39E532B5B92AE68254406530D1A8A07EEDD0F36E0C6B853C1FC4CC7A2E44840B941980F0F347D5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.....[............................OSystem.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.....)System.AddIn.Hosting.AddInDeploymentState....._addins._fileCount....System.Collections.Generic.List`1[[System.AddIn.AddIn, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..........8..........System.Collections.Generic.List`1[[System.AddIn.AddIn, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]....._items._size._version....System.AddIn.AddIn[]...................................System.AddIn.AddIn..................................................System.AddIn.AddIn....._potentialAddinBases._version._assemblyName._unlocalized.PipelineComponent+_typeInfo.PipelineComponent+_location#PipelineComponent+_relativeLocation'PipelineComponent+_connectedToNeighbors'PipelineComponent+_haveSetRootDirectory$PipelineComponent+_qualificationData..........&System.AddIn.MiniReflection.TypeInfo[].....System.AddIn.ResourceSta

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\BlankVhdTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.9485815165593214
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:G/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh/7N:erZn7y/EGuH/cpin7
                                                                                                                                                                                                                        MD5:DF6E116B0D811CC974DCEF1792F8A907
                                                                                                                                                                                                                        SHA1:D5E96D8029268AE433FFFE58F2EB0891B6D3BDAA
                                                                                                                                                                                                                        SHA-256:9126D4AD4D71CAB4394973C8D2A57B6B9777649244931F4516CC2558CBCA4A6C
                                                                                                                                                                                                                        SHA-512:5945DBD72D9185DAA686831C544451E36D12E83A51A6F65E0205894CDEC22E79353F3FFEF93F4B2CD41BF73D2C66A141CEBA16ACA1AB2B67B13B71690669DF38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix....................win ....Wi2k.............................+.d.OL...W................................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\Citrix.HCL.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.641765707043487
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:fEF5H8cTNlAlsys5y/pSU96ppG7JewIYiArevVAM+o/8E9VF0NyHiscMQ:f6BDBQIvppG7JeZYiRvVAMxkEsB3
                                                                                                                                                                                                                        MD5:F09C4821B3E7C25CA445E8A16324B79D
                                                                                                                                                                                                                        SHA1:A61C27BABF80BE9EA13E087EE4EB59167EF98248
                                                                                                                                                                                                                        SHA-256:1AD2203660F8B15635F95C90F45634861AB4F782FE647C7977C76125C5CDF533
                                                                                                                                                                                                                        SHA-512:E2E5E49CD926B140C9B120F6FEB38778D2F96B3B1B6A55F54D96C92B0DFB892CB3EA98316F9EC6E32C8B8F16AC77CA966E5AAE585AB75D220DDD55373F055EE0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........C... ...`....... ....................................`.................................0C..O....`..t...............H(..........4B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...t....`.......&..............@..@.reloc...............,..............@..B................dC......H........#..4....................A........................................(....*:.(......}....*..(....*~.(......s....}......o....}....*..0..+.......(....%%-.&.........+.(.....%-.(......s....*R.{......(.....o....*.0..}................-..+..o....( ...-....o.....o!...("...(#.......(.......(......-..+..($...-(.,%.o%......(&...,...o%......('...((...&.*....0..$...........()...-..+...(*......(+...(,...-..+..-.(-...+.(.......()...9......(/.....(0.......-'.{......(.............$.....o

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\DiscUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1011784
                                                                                                                                                                                                                        Entropy (8bit):6.001140300190096
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:QCmGf6qsJNLfnU9PbbpRTf1FgvSCCquyFY150:dJSLfnU9Pbn9FYBCq6u
                                                                                                                                                                                                                        MD5:A4DE4231E573C4586A3ADFB3F6E4497E
                                                                                                                                                                                                                        SHA1:EBD421F798FE937BEADFFD96FD0AC501FEAB1F2E
                                                                                                                                                                                                                        SHA-256:BA7AF306AC79D0E1438405D2681334B0F260D34C495AAA4755549F3CE61CB857
                                                                                                                                                                                                                        SHA-512:76953B2521787C35EDA8AA4625C33AFE92497B65F04B9A4B0E682D390E2DE47A91099EA7C1B84638F390502793C1A8171AAB85C5E787008C80C4F23B05AD47B8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..@..........b>... ...`....... ..............................U\....`..................................>..O....`...............H..H(..........8=..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................D>......H.......@B...t...................<........................................(l...*:.(l.....}....*v....(m.....}...........}....*..{....*"..}....*...0...........{.....{....j]i..-O..{....],..{.....jX.on...34.(o....{....op....(o......oq.......{......jX}......*.{.....{....j(......{.....jX.{....j(....%.Y ....j1.r...psr...z.Y.......(o....op....(o.......ioq.......Y(s...........(t.....{......jX}......*..0..<...........3...{....X.+...3...on...X...j/.rA..psr...z..}.....{....*.0..F.......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\HypervisorsCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138824
                                                                                                                                                                                                                        Entropy (8bit):6.148850658916972
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:y33DPnEZQttmdS6Wa2EJjtpUGzhv95Awth4G3LatfNFAfhrU:oTPzJ6W12DqNFWrU
                                                                                                                                                                                                                        MD5:D7F11F4F22DCA93BF7B5FD7C744EAC83
                                                                                                                                                                                                                        SHA1:9AEB0DEC0688737E25CA13CB159B0F3A618F6BCF
                                                                                                                                                                                                                        SHA-256:A5DB70A8D4AC887F562012E02CF349E36898ED112B8BAC9B747B7F23D1661A77
                                                                                                                                                                                                                        SHA-512:B71504CAE7132E0E5F93266F074AD9EDB0120A02C43C7583A7D1E62A5695BBCB812D087481CDAA75B8A37B6A52E757305367E281384BBCD4B0EECEB1E50EEDC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.<..........." ..0.................. ... ....... .......................`......^>....`.....................................O.... ..,...............H(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...,.... ......................@..@.reloc.......@......................@..B........................H............\..................L.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*..(.....r...p(.....r...p(.....r...p(......(....*r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..J.........s....}.....(......} .....}!...("......-..........+..(#...}$....,..o....*2.(%...o&...*..{$...*2.(%...o'...*..{....*2.((...o)...*..*..{*...*"..}*...*..{ ...*....0..;........(%...o+....{!..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\PvsVmTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.95065153461183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:D/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh8jXTBxGQe2p4UEcGQ6xJYm:LrZn7y/EGuH/cpiUTk0
                                                                                                                                                                                                                        MD5:DB3BDCDEDC59E29178B7F54D87B41C62
                                                                                                                                                                                                                        SHA1:02A9DFB053A6D2B25A2460065FC55C2A4CCB7B75
                                                                                                                                                                                                                        SHA-256:A0D7D172F50026F44AFE728DB76EBA98CFFF859CBE9C620EAF30D748229662C1
                                                                                                                                                                                                                        SHA-512:B27BCED021D8B5D9816A5277D526D34756A93A0C193EC6B3821C227BB43E5CD8E6CE90083CF0637DD82E50407E2A28802A527B98BAB1EAB8E55432B264980B52
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix...................win ....Wi2k...........................l.....<......#...............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\PvsVmTemplateForPreparationVM.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23078400
                                                                                                                                                                                                                        Entropy (8bit):1.1328074820682268
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:KrZn7y/EGuH/cpiBn6A9s0erAGCrZn7y/EGuH/cpiBfd+:yUDuH/c8N9s0+wUDuH/c8
                                                                                                                                                                                                                        MD5:14CF8A6B711753773D9971A6D1D98436
                                                                                                                                                                                                                        SHA1:806EC3E61015DB6E86AE6A6E7B65C4A24A004E24
                                                                                                                                                                                                                        SHA-256:6F26ED14F678EFECCA13B003F2E218429C455D037A2D37E8220EB3A7EF8BCED6
                                                                                                                                                                                                                        SHA-512:E380A0CD483AFC4E0BB1CD80DEC4D2BA62B419B2291AF894F4B4A7F0385C94C1CFE17DCD33B758F124DB799D6EC28FBC487C6B28645FFDC7BE034A377B47A131
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix................(...sdb ....Wi2k....@.......@.... .?...........W....-...GL............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....u................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\SCVMM.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):450120
                                                                                                                                                                                                                        Entropy (8bit):5.972506324296725
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:AjFtjHZTTR+7fZXHtBv40uLNmSd5n2hLHIGpS6V6Vq0L:AHLZTV+7fZ9Bg0uLNmSdshKq6VL
                                                                                                                                                                                                                        MD5:7E4977D5779C20C78F62330E56DB215E
                                                                                                                                                                                                                        SHA1:7014504075B0B14A9D2B0D645C7F8FCAB20489DC
                                                                                                                                                                                                                        SHA-256:A3D6B2939AF09377DD008000A954D18A699C6CD8048690206BDB6D572577EAC6
                                                                                                                                                                                                                        SHA-512:41C9A74B4BFF571C4273584E7105E67D29B4090FE01C475DF7439DF45BFF87E51B2DD8BC1EA73546D0D56947A3810502CC4E1E26594BB68C3BC12AE672724BBD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q[..........." ..0.................. ........... ....................... ......wD....`.................................p...O.......................H(..............8............................................ ............... ..H............text...(.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......|s...B............................................................{"...*..{#...*V.($.....}".....}#...*...0..A........u........4.,/(%....{"....{"...o&...,.('....{#....{#...o(...*.*.*. ].p. )UU.Z(%....{"...o)...X )UU.Z('....{#...o*...X*...0..b........r...p......%..{"......%q.........-.&.+.......o+....%..{#......%q.........-.&.+.......o+....(,...*..(-...*:.(-.....}....*..s$...}.....s....}.........(......}......}....*....0..P.......s8......}v.....}w......}x......}y......}

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\de\SCVMM.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20040
                                                                                                                                                                                                                        Entropy (8bit):6.7273096610648215
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IBRfu9tegK6T5KdIYiArevdEOAM+o/8E9VF0NyPE:kfuLxT5KKYiRvdRAMxkE6
                                                                                                                                                                                                                        MD5:4C81AB81DDF7F688256AAC1099A67ABB
                                                                                                                                                                                                                        SHA1:B118BF4B5FF60A9E396D70D9BCEB17A93A7CE1B9
                                                                                                                                                                                                                        SHA-256:0CFBD84891DADCD4AB35F6B69900E3FA1B962D4FDF6ED05560AF3C5538F1964F
                                                                                                                                                                                                                        SHA-512:5A5A038F04208F353F34CAD3AD512368E9868A260EDBB98A9DF4C81332AC69D3A6BCEFE5A44A3642D4799ED1E814466A4D499AD3F337C1089603EB6B55F64C86
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].f...........!.................=... ...@....... ....................................@..................................=..O....@...............&..H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................=......H........8............... ......P ......................................H.Y..G....Z.b.I.. ...._..Y.5r%1.....O...oI5..I.5~.2C..W..j[...CY;..c....4;.../f..6(..d...C.41..O...W.................$U................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPJtj....p@z.....}........y+.I#..)fP.<...*...{.{...............K3...6...>.r.@.d\H.^.J}..T~..m+t.o..w

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\es\SCVMM.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20040
                                                                                                                                                                                                                        Entropy (8bit):6.6881976509435495
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:1ix7INZp6qK92T5KgIYiArevRGiAM+o/8E9VF0Nyv3c:a7INZp6ET5KpYiRvXAMxkEC
                                                                                                                                                                                                                        MD5:D8B4FB5FFB1222FBAB7B1820B188E195
                                                                                                                                                                                                                        SHA1:34CA39EA76D94C00A696C709E1AF3A4B13ADBA34
                                                                                                                                                                                                                        SHA-256:D9F9393B07D8728C2953E8BA1F9A4549EA4056A72FD22561D937FA713A413DCF
                                                                                                                                                                                                                        SHA-512:7B876D111AFA44C956EFE8D8343248EE714A8B787DCEE2980D5B3AF4E44181638A371081EDF1434F25A8E6F8D9C6F5AA6BEF756B3D52595DD0CC548D47E81E48
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].f...........!................^=... ...@....... ....................................@..................................=..O....@...............&..H(...`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B................@=......H.......(8............... ..U...P .......................................*.....ZT.l?.b.#..G......=.`....$..^x...@.O.5...._.........*.L.)...`g.Z..V.tX.(...l.OY....\.s...E.-...d...C...}...^@/[.9*................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPJtj....p@z.....}........y+.I#..)fP.<...*...{.{...............K3...6...>.r.@.d\H.^.J}..T~..m+t.o..w

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\fr\SCVMM.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20552
                                                                                                                                                                                                                        Entropy (8bit):6.652507915390153
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:6L2GOeuzF1uT5KRIYiArevuAM+o/8E9VF0Nyw5p:69OeXT5KGYiRvuAMxkEIp
                                                                                                                                                                                                                        MD5:3EDE1F7685D29C1A39F27435BD05AF7F
                                                                                                                                                                                                                        SHA1:D104F1561BBB6264947BDA06B6187A79EEC61A35
                                                                                                                                                                                                                        SHA-256:56B002E551D9DE62E995B243586224ECBB7C0FE7BC120236D8BAD68634762487
                                                                                                                                                                                                                        SHA-512:00A02D1E38C420C726DCFB561EA19367F095EAF59A4726E3031D43B9190967D1AA3DA3854CFEE4697D0A1E8FEDC64E3D7038C1A09924DC9D8AA82D8F04E07296
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].f...........!..... ...........>... ...@....... ....................................@..................................=..K....@...............(..H(...`....................................................... ............... ..H............text...4.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................>......H........8............... ..)...P ......................................a...@.[.=L............`h..K......(...ZT.<..3....5.......cF/...L<..\.47...&,.'...Y_s-./"..a.4..Nz";..84......Q.jdx..f.A.c..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPJtj....p@z.....}........y+.I#..)fP.<...*...{.{...............K3...6...>.r.@.d\H.^.J}..T~..m+t.o..w

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\ja\SCVMM.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21064
                                                                                                                                                                                                                        Entropy (8bit):6.857389975838762
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Yjd3Op5r/rvgqT5KJaIYiArevk0AM+o/8E9VF0NyFIr:w3A5r/7jT5KJnYiRvnAMxkEYr
                                                                                                                                                                                                                        MD5:ABAC54504365D135639A538195912400
                                                                                                                                                                                                                        SHA1:7BDECF0019B7E51DB72B9FF64D0946FB25A8F479
                                                                                                                                                                                                                        SHA-256:86F7FB9B4628AADDA0A65C2481C9488CADBC8268C57B6C78FF75215E73B87BC4
                                                                                                                                                                                                                        SHA-512:357B4A322D5B504A69DDD1CEAE2C4736A8EA8E857B1F8D4484743A76DEE3814424718C2FA0C97A871CD12631F8CA1FC4C4B618796D5A72315A79B5719F4E7036
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].f...........!....."..........~A... ...`....... ....................................@.................................(A..S....`...............*..H(........................................................... ............... ..H............text....!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B................`A......H.......D<............... ..t...P ......................................}...#j..3R..j..km...Y..R.HD|.P.....,(.wz...-.2..?....:.k...._.........P.....E.u...........a.$ja8.M...C..a.>`.J.....lQ..o.P..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPJtj....p@z.....}........y+.I#..)fP.<...*...{.{...............K3...6...>.r.@.d\H.^.J}..T~..m+t.o..w

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\SCVMM\zh-CN\SCVMM.resources.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18504
                                                                                                                                                                                                                        Entropy (8bit):6.969561051619872
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IqNLHfEwT5KpIYiArevcAM+o/8E9VF0NyeC:pLpT5K+YiRvcAMxkE5
                                                                                                                                                                                                                        MD5:74CD87FECD13B5CD3B5BF5D2B009CB9E
                                                                                                                                                                                                                        SHA1:FE0B03E1180E8F6EDF509F2CD1D997D54ADD10EA
                                                                                                                                                                                                                        SHA-256:F9192216138AF72257E438520A3303716BE6C83145E0ED33E2BA0B94AEBFCE42
                                                                                                                                                                                                                        SHA-512:73951A614BC0A4347F877A23FEB5DA4FE56A8A3374BC3589C816EBAA3EED445F0B6DB44B7A5D52B51DDE3F38BABB53AFBDD23EE2E037C0F1776FA7002A9EC80E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].f...........!.................6... ...@....... ..............................O[....@..................................6..K....@............... ..H(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................6......H.......02............... ..]...P ......................................FS8.&TV..(.C.yu._..F1.~..$............=..z.rU"...........z.[v...L.e.4F^n.'t}&.Y..z.C....+H.d..|q..I.[..Me......Zi ...)[ .G.=.Y..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPJtj....p@z.....}........y+.I#..)fP.<...*...{.{...............K3...6...>.r.@.d\H.^.J}..T~..m+t.o..w

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\BlankVhdTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.9485815165593214
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:G/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh/7N:erZn7y/EGuH/cpin7
                                                                                                                                                                                                                        MD5:DF6E116B0D811CC974DCEF1792F8A907
                                                                                                                                                                                                                        SHA1:D5E96D8029268AE433FFFE58F2EB0891B6D3BDAA
                                                                                                                                                                                                                        SHA-256:9126D4AD4D71CAB4394973C8D2A57B6B9777649244931F4516CC2558CBCA4A6C
                                                                                                                                                                                                                        SHA-512:5945DBD72D9185DAA686831C544451E36D12E83A51A6F65E0205894CDEC22E79353F3FFEF93F4B2CD41BF73D2C66A141CEBA16ACA1AB2B67B13B71690669DF38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix....................win ....Wi2k.............................+.d.OL...W................................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.641765707043487
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:fEF5H8cTNlAlsys5y/pSU96ppG7JewIYiArevVAM+o/8E9VF0NyHiscMQ:f6BDBQIvppG7JeZYiRvVAMxkEsB3
                                                                                                                                                                                                                        MD5:F09C4821B3E7C25CA445E8A16324B79D
                                                                                                                                                                                                                        SHA1:A61C27BABF80BE9EA13E087EE4EB59167EF98248
                                                                                                                                                                                                                        SHA-256:1AD2203660F8B15635F95C90F45634861AB4F782FE647C7977C76125C5CDF533
                                                                                                                                                                                                                        SHA-512:E2E5E49CD926B140C9B120F6FEB38778D2F96B3B1B6A55F54D96C92B0DFB892CB3EA98316F9EC6E32C8B8F16AC77CA966E5AAE585AB75D220DDD55373F055EE0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........C... ...`....... ....................................`.................................0C..O....`..t...............H(..........4B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...t....`.......&..............@..@.reloc...............,..............@..B................dC......H........#..4....................A........................................(....*:.(......}....*..(....*~.(......s....}......o....}....*..0..+.......(....%%-.&.........+.(.....%-.(......s....*R.{......(.....o....*.0..}................-..+..o....( ...-....o.....o!...("...(#.......(.......(......-..+..($...-(.,%.o%......(&...,...o%......('...((...&.*....0..$...........()...-..+...(*......(+...(,...-..+..-.(-...+.(.......()...9......(/.....(0.......-'.{......(.............$.....o

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.HCL.TlsCertificateVerification.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):29768
                                                                                                                                                                                                                        Entropy (8bit):6.532090903574199
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:8a5a6zNyEchOErjyqmCAXJBp+zJ2KYiRvsbAMxkEm:8Ea6UEch7bmCACt7NAxS
                                                                                                                                                                                                                        MD5:5A4790E5F96AA3587E3F7C883CFBB000
                                                                                                                                                                                                                        SHA1:737F7EF19EBCD1C34847678264E40313BFB28CD4
                                                                                                                                                                                                                        SHA-256:F73A968BFBE2C82CD759667FFDBCF5DE94BEF84EC3F6ED6155C2DB479C39C8C4
                                                                                                                                                                                                                        SHA-512:57B3E1423BAA88520DADDECA25B128923E4A455B687C10DBE715A0AC9F3AA2DB29859DE9DA787EAC0A8FC69E43B8FC6C90469503F82C5F01A32C684465B129BF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M............" ..0..B...........a... ........... ..............................r.....`.................................ta..O....................L..H(..........h`..8............................................ ............... ..H............text....A... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B.................a......H.......82...-..................._........................................{....*..{....*..{....*r.(......}......}......}....*....0..Y........u........L.,G(.....{.....{....o....,/(.....{.....{....o ...,.(!....{.....{....o"...*.*.*....0..K....... .R.. )UU.Z(.....{....o#...X )UU.Z(.....{....o$...X )UU.Z(!....{....o%...X*..0...........r...p......%..{.......%q.........-.&.+.......o&....%..{.......%q.........-.&.+.......o&....%..{.......%q.........-.&.+.......o&....('...*..{(...*:.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.Authentication.Models.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17992
                                                                                                                                                                                                                        Entropy (8bit):6.738944150774985
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ZsQLxuNtRtyZPJBTIYiArevoCbAM+o/8E9VF0Ny58Y:6U0PtyZPJBcYiRvLbAMxkEAY
                                                                                                                                                                                                                        MD5:8EFBE7AFA76BFB08ED1DBA339F2997EE
                                                                                                                                                                                                                        SHA1:2C353D78FEA351F0EE196C4351C91DD9C144A2EC
                                                                                                                                                                                                                        SHA-256:5110D6ADA044AB0692E6192726EA572EC1554595F423CFE21CDCA42B37061BF4
                                                                                                                                                                                                                        SHA-512:9367DA4B851665B9E3EF9CDB920496302CB1E9BF1A18CF58061F58F23273AEDDE31377E413637CE6A279E945DD75CE52A460C886C54DA03DBB2EB40A9CD6207B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............" ..0..............2... ...@....... ..............................[=....`.................................m2..O....@..t...............H(...`......|1..8............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................2......H.......d!.......................0........................................(....*:.(......}....*...r...p(......}......}.......}....*..{....*.r...p*..{....*..{....*...r!..p(......}......}.......}.......}....*..{....*.r)..p*..{....*..{....*..{....*.r1..ps..........%.rE..p.%.rO..p.%.r_..p.s.........*n..rq..p(......}......}....*..{....*.r}..p*..{....*BSJB............v4.0.30319......l...H...#~..........#Strings............#US.T.......#GUID...d...4...#Blob...........W..........3....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Citrix.Xaxd.NgsTunnel.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):56904
                                                                                                                                                                                                                        Entropy (8bit):6.217499635766494
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:jMMWQu+s+f+yXl6uGhDuX6UXfq1gZl7NgxP:wRQunujX6UkKlhM
                                                                                                                                                                                                                        MD5:C2778ED46F59ECE4F4FF642E40DDCE18
                                                                                                                                                                                                                        SHA1:CC914C0B6B1BA99C39896D7026729C345461F90E
                                                                                                                                                                                                                        SHA-256:DAC1BBE7A53FCC0D246876476E4630D758120B2D8AF0D801B5B84151F84CB6D7
                                                                                                                                                                                                                        SHA-512:47D94230E6153B1170960AFF102619742B6C1DB37B36995FC195944048415CA380CCED1E35C78DA16C06B6FF2F08A83DC48AF9B520CF9902AEC854F8A4C3E3CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............".... ........... ....................... ............`.....................................O.......,...............H(..............8............................................ ............... ..H............text...(.... ...................... ..`.rsrc...,...........................@..@.reloc..............................@..B........................H........W..tq..................t.........................................{....*..{....*..{....*..{....*..{....*..(......}......}......}.......}.......}....*....0...........u........|.,w( ....{.....{....o!...,_("....{.....{....o#...,G($....{.....{....o%...,/(&....{.....{....o'...,.((....{.....{....o)...*.*.*....0..y....... ..@' )UU.Z( ....{....o*...X )UU.Z("....{....o+...X )UU.Z($....{....o,...X )UU.Z(&....{....o-...X )UU.Z((....{....o....X*....0...........r...p......%..{....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\DiscUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1011784
                                                                                                                                                                                                                        Entropy (8bit):6.001140300190096
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:QCmGf6qsJNLfnU9PbbpRTf1FgvSCCquyFY150:dJSLfnU9Pbn9FYBCq6u
                                                                                                                                                                                                                        MD5:A4DE4231E573C4586A3ADFB3F6E4497E
                                                                                                                                                                                                                        SHA1:EBD421F798FE937BEADFFD96FD0AC501FEAB1F2E
                                                                                                                                                                                                                        SHA-256:BA7AF306AC79D0E1438405D2681334B0F260D34C495AAA4755549F3CE61CB857
                                                                                                                                                                                                                        SHA-512:76953B2521787C35EDA8AA4625C33AFE92497B65F04B9A4B0E682D390E2DE47A91099EA7C1B84638F390502793C1A8171AAB85C5E787008C80C4F23B05AD47B8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..@..........b>... ...`....... ..............................U\....`..................................>..O....`...............H..H(..........8=..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................D>......H.......@B...t...................<........................................(l...*:.(l.....}....*v....(m.....}...........}....*..{....*"..}....*...0...........{.....{....j]i..-O..{....],..{.....jX.on...34.(o....{....op....(o......oq.......{......jX}......*.{.....{....j(......{.....jX.{....j(....%.Y ....j1.r...psr...z.Y.......(o....op....(o.......ioq.......Y(s...........(t.....{......jX}......*..0..<...........3...{....X.+...3...on...X...j/.rA..psr...z..}.....{....*.0..F.......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaEnv.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19528
                                                                                                                                                                                                                        Entropy (8bit):6.6642651332110745
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:3WiWoaUzPHF38Lvrd2SbIYiArevKAM+o/8E9VF0NyAca:QyHF3erd2SkYiRvKAMxkEk
                                                                                                                                                                                                                        MD5:D8FAAB044E2CB8B06F22FC8AE4BE4065
                                                                                                                                                                                                                        SHA1:521A25E4C645DD349BFBBE6B9AFCEA9304CE37F8
                                                                                                                                                                                                                        SHA-256:5ACFDD60C8357314978F89D692BB690E5FD0B624A6254C6E71306C8AE2BFA413
                                                                                                                                                                                                                        SHA-512:5F710A526EB3092E540F43DB5784851DDBD1D36C44A8F245206B57E38335B112F0C0F567385785AB475F40C2556C0CB0D4E37EB0906FB21D6CC40FE6882E111E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(i............" ..0.............^8... ...@....... ...............................9....`..................................8..O....@...............$..H(...`......,7..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................>8......H........".......................6........................................(....*:.(......}....*&(.......*....0..,............(..........(....-.(......s..........*.*.0..,............(..........(....-.(......s..........*.*2.s.........*..~....%-.&~..........s....%.....(...+*..~....%-.&~..........s....%.....(...+*..0..Z.......(....r...po......-.r...p(......(....-..(....*(....( ...,.(!.....(....-..(....+.....&...*.*........9..S.......0..=.......(....r#..po......-.r#..p(......(....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaLogging.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):126536
                                                                                                                                                                                                                        Entropy (8bit):6.157244812120886
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:p+T0ALDroBX1thLGeopppS555KiTTTnjo/ApuOhSIrXhp0:p+WlthLGeopppS555KiTTTn5bBVG
                                                                                                                                                                                                                        MD5:DD5B712CCC880DD1C0B5CFDA72517BC0
                                                                                                                                                                                                                        SHA1:187129207C0BC10B84D39306A284B509798FBF49
                                                                                                                                                                                                                        SHA-256:DA7AF58ECC243F7195991A27C0D79C9C5876E189A5B08531E65E681548C580F4
                                                                                                                                                                                                                        SHA-512:39E4E39F8B4405EDE896F5FCE90189C0B6FC6BF6E45DC348E4F1FE66D787E8C15677FC936054A508E6AA9AD8C8DE49F006F70F30EADA5128A0AF9EF45A658014
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........." ..0.............f.... ........... ....................... ......n.....`.....................................O.......,...............H(..........4...8............................................ ............... ..H............text...x.... ...................... ..`.rsrc...,...........................@..@.reloc..............................@..B................F.......H...........(5...........................................................(2...*..(,...*^.(,......}...%...}....*:.(,.....}....*:.(,.....}....*...}.....~C...o-...}.....{......(....o....&..}......}....*..0..D.........}.....~C...o-...}.....{......(....o....&..}......,..(....+..}....*..o/....~...(0...(1...,.......(0...o2......*.*2.{....o3...*..{....o3....{....,.~C....{....o4...*:..}.....{....*F ........ZX(5...*:.{.....o6...&*..{....,..{.......(...+o6...&*.,..{.....o6...&*..0..4...

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\FmaUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):53832
                                                                                                                                                                                                                        Entropy (8bit):6.291618786751576
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:OX6XG5H6R4Jn0sBC3ZRRIsUUMKeD8L7NyKxdC:S6XG5aR4URRXU7ILhk
                                                                                                                                                                                                                        MD5:C35697FA55E4E1DAFB826A0649A3EAC4
                                                                                                                                                                                                                        SHA1:B68CC146E4ACFD614C4BE26432CDD2A15874D6C9
                                                                                                                                                                                                                        SHA-256:FD522D60C27FF7202A8F2CE9E58091069892EB1CA9D475AC50B2987ED2ED6FEE
                                                                                                                                                                                                                        SHA-512:20857724746AE42A66456FAF9D722CCF3B03B3CB268B82F6EA7FF8E6CF26E0710290B0AB9A38ED4BC67A8BC644119C3CF74D03915C5B25227F56576C3AE70310
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S^5..........." ..0.................. ........... ...................................`.................................:...O....... ...............H(..........`...8............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B................n.......H........J...r...........................................................('...*:.('.....}....*..0..:.......s(......s).........io*......,..o......o+.......,..o......*......................(........0..k........s,....s(......s).... .....S.....+......o*..........io-...%.-....,..o......o+........,..o......,..o.......*..(......+@..........GT..........W^.......0...........s......%-.&(...+o0....8.....o1......(2...r...p.(3...,!..(4...(...+.3....(4...(...+o7.....(2...r%..p.(3...,!..(4

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\HypervisorsCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138824
                                                                                                                                                                                                                        Entropy (8bit):6.148850658916972
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:y33DPnEZQttmdS6Wa2EJjtpUGzhv95Awth4G3LatfNFAfhrU:oTPzJ6W12DqNFWrU
                                                                                                                                                                                                                        MD5:D7F11F4F22DCA93BF7B5FD7C744EAC83
                                                                                                                                                                                                                        SHA1:9AEB0DEC0688737E25CA13CB159B0F3A618F6BCF
                                                                                                                                                                                                                        SHA-256:A5DB70A8D4AC887F562012E02CF349E36898ED112B8BAC9B747B7F23D1661A77
                                                                                                                                                                                                                        SHA-512:B71504CAE7132E0E5F93266F074AD9EDB0120A02C43C7583A7D1E62A5695BBCB812D087481CDAA75B8A37B6A52E757305367E281384BBCD4B0EECEB1E50EEDC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.<..........." ..0.................. ... ....... .......................`......^>....`.....................................O.... ..,...............H(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...,.... ......................@..@.reloc.......@......................@..B........................H............\..................L.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*..(.....r...p(.....r...p(.....r...p(......(....*r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..J.........s....}.....(......} .....}!...("......-..........+..(#...}$....,..o....*2.(%...o&...*..{$...*2.(%...o'...*..{....*2.((...o)...*..*..{*...*"..}*...*..{ ...*....0..;........(%...o+....{!..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Microsoft.Extensions.ObjectPool.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25352
                                                                                                                                                                                                                        Entropy (8bit):6.507177539992328
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:3SvZrQrgFOADPcdpr0Wc32QW0NvTb2HRN7QVEnR9zVHpXW:3EugcwUdpWNv/iaER9zVJXW
                                                                                                                                                                                                                        MD5:3E1A7A9976DDE8020A6BB3F6F1A27600
                                                                                                                                                                                                                        SHA1:DC6E70E86FCF5EFA28C93D05B6CC77579BC15C02
                                                                                                                                                                                                                        SHA-256:4EB25A717DED583DBF26069D1EBC5A101CBB0060F3935F26447216CBBA53FA28
                                                                                                                                                                                                                        SHA-512:AC659CA2E0C2C6E5C8A2C12D15E5EAA8D0A252EEDC5DEB5B2BE605C3AA15A8CD2711B9B7C295EFE3D82F9DAE722D11621C9BD31D7765CC85DD5A7FF51124AF8B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........." ..0..0..........:N... ...`....... ..............................>.....`..................................M..O....`...............:...)...........L..T............................................ ............... ..H............text...@.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................N......H........'...$..................pL........................................(....*^.(....... ...%...}....*:.(......}....*:.(......}....*:.(......}....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(.......!...%...}....*:.(......}....*..{....*z.(......}.......!...%...}....*V.(......}......}....*..{....*..{....*>..(.....Z(....*....0..V..........}.....(......{....%-.&r...ps....z}......{....u...

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\Newtonsoft.Json.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                        Entropy (8bit):5.967185619483575
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
                                                                                                                                                                                                                        MD5:195FFB7167DB3219B217C4FD439EEDD6
                                                                                                                                                                                                                        SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
                                                                                                                                                                                                                        SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
                                                                                                                                                                                                                        SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O......................../.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\PvsVmTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.95065153461183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:D/pcGnh3vs/InbrTIHvPnHmC5irCuMo/+ncoZZihnh8jXTBxGQe2p4UEcGQ6xJYm:LrZn7y/EGuH/cpiUTk0
                                                                                                                                                                                                                        MD5:DB3BDCDEDC59E29178B7F54D87B41C62
                                                                                                                                                                                                                        SHA1:02A9DFB053A6D2B25A2460065FC55C2A4CCB7B75
                                                                                                                                                                                                                        SHA-256:A0D7D172F50026F44AFE728DB76EBA98CFFF859CBE9C620EAF30D748229662C1
                                                                                                                                                                                                                        SHA-512:B27BCED021D8B5D9816A5277D526D34756A93A0C193EC6B3821C227BB43E5CD8E6CE90083CF0637DD82E50407E2A28802A527B98BAB1EAB8E55432B264980B52
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix...................win ....Wi2k...........................l.....<......#...............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\PvsVmTemplateForPreparationVM.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23078400
                                                                                                                                                                                                                        Entropy (8bit):1.1328074820682268
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:14CF8A6B711753773D9971A6D1D98436
                                                                                                                                                                                                                        SHA1:806EC3E61015DB6E86AE6A6E7B65C4A24A004E24
                                                                                                                                                                                                                        SHA-256:6F26ED14F678EFECCA13B003F2E218429C455D037A2D37E8220EB3A7EF8BCED6
                                                                                                                                                                                                                        SHA-512:E380A0CD483AFC4E0BB1CD80DEC4D2BA62B419B2291AF894F4B4A7F0385C94C1CFE17DCD33B758F124DB799D6EC28FBC487C6B28645FFDC7BE034A377B47A131
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix................(...sdb ....Wi2k....@.......@.... .?...........W....-...GL............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....u................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\RestSharp.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):190464
                                                                                                                                                                                                                        Entropy (8bit):6.164000610883027
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:EBB404B296276A65D85A13CE889A64AB
                                                                                                                                                                                                                        SHA1:2FE54894589988A7C3B0C752F4DE9D84B3F21312
                                                                                                                                                                                                                        SHA-256:37BF2A8815E1833153FF92D0BEC3A1405F5C5F146884D0563A96BACD1B0074F9
                                                                                                                                                                                                                        SHA-512:C0BA618CC6AA3987930598BF9557F6E2AA6657F72FEBDC034B07AC25C2682DEBECCAC4940A27A8612C1B84C70E350E78D19E8928CAC613CADC48E4FEFADA9F71
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.C..........." ..0.................. ........... .......................@............`.................................\...O.......L.................... ......t...T............................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc....... ......................@..B........................H.......<.................................................................{'...*..{(...*V.().....}'.....}(...*...0..A........u........4.,/(*....{'....{'...o+...,.(,....{(....{(...o-...*.*.*. z... )UU.Z(*....{'...o....X )UU.Z(,....{(...o/...X*...0..b........r...p......%..{'......%q.........-.&.+.......o0....%..{(......%q.........-.&.+.......o0....(1...*..(2...*^.(2..........%...}....*:.(2.....}....*:.(2.....}....*R.rI..p.(3.....}....*..{....*..{$...*"..}$...*..{%...*"..}%...*.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\StandardSocketsHttpHandler.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):233472
                                                                                                                                                                                                                        Entropy (8bit):5.877859797546977
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:BF45E91ABF5E766CFEFCFC90E2ED1D7F
                                                                                                                                                                                                                        SHA1:2D8829AA8F1D5DC4758309BF1DBAFC69D5A44729
                                                                                                                                                                                                                        SHA-256:237899763C0869C2AC057BAD4FA43BA0159D2931AC43486093DBE93EC17A8CA9
                                                                                                                                                                                                                        SHA-512:E995BD3F5C15294DA92B1C68E9D9C721EEA1E21AA6DC3BFD9B2312A152EBDEF9595055C60CF776D6069A9F91DEA8C1D52F3BE60C4423787AA71D31E46E4A67CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....m..........."!..0................. ........@.. ....................................`.....................................K...................................t................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................L.. w..4.........................................(....*B...o.....Y(....*....0..c........-.~....*..X.Y.+...X....0...o....(....-.+...Y...2...o....(....-...Y.X..,...o.........o....*.*~....*..0.................(.....o......(....*...0..,.............-..+.........o.....(.....X.(....(....*.0..K.............-..+.........o...........-..+.........o.....(.....X.(.....(....(....*..0..k.............-..+.........o...........-..+.........o...........-..+.........o..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\VMware\bdm.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:DOS/MBR boot sector; partition 1 : ID=0xee, start-CHS (0x0,0,2), end-CHS (0x3ff,255,63), startsector 1, 4294967295 sectors, extended partition table (last)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20972032
                                                                                                                                                                                                                        Entropy (8bit):0.42137146875552817
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:7879E75500F7DC8CB615DE1DBEE7A180
                                                                                                                                                                                                                        SHA1:D0D0C998E19DEB7CF3D23090E5C715AC2CBDB826
                                                                                                                                                                                                                        SHA-256:1DB64DAD348CC6394F7DCCF126419D9427D73CD85DA7F1AADCCECAF89620E647
                                                                                                                                                                                                                        SHA-512:67419D3B7505E70966B13F5F1F920BAC323FDE6288DC30F081D3F283CBC8BB7F181D9E14584CA2827073D11629334BFF0A05AC055846B0A70D9764304909275C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.EFI PART....\...M..s...................."..............<.a...@..Y[/yE................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\BlankVhdTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.9485815165593214
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:DF6E116B0D811CC974DCEF1792F8A907
                                                                                                                                                                                                                        SHA1:D5E96D8029268AE433FFFE58F2EB0891B6D3BDAA
                                                                                                                                                                                                                        SHA-256:9126D4AD4D71CAB4394973C8D2A57B6B9777649244931F4516CC2558CBCA4A6C
                                                                                                                                                                                                                        SHA-512:5945DBD72D9185DAA686831C544451E36D12E83A51A6F65E0205894CDEC22E79353F3FFEF93F4B2CD41BF73D2C66A141CEBA16ACA1AB2B67B13B71690669DF38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix....................win ....Wi2k.............................+.d.OL...W................................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Castle.Core.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):423936
                                                                                                                                                                                                                        Entropy (8bit):5.853585893632762
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:70FFADA1F49EE3519BA126F6BF16324D
                                                                                                                                                                                                                        SHA1:C5F010C2FB0CAAF902DE3AD80F9640A611E4F4A4
                                                                                                                                                                                                                        SHA-256:EF21B0869D1FE1BA3F0A3E910F9858A37B3DC544CB78A92657B4CF0108959FAB
                                                                                                                                                                                                                        SHA-512:13017E4741CCC6792EEEBC9BE9F8BC726BEEE0775FBC4A4C26DDBAEE4BE36FE0F6B0DDAC7D257AAC98620C5E9938E917A9AB5845FE0C5B2F3495056E6BB03EC6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..n............... ........... ..............................ZE....`.................................K...O...................................t...T............................................ ............... ..H............text...Hm... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H........(...`..............X............................................{....*..{....*V.(......}......}....*...0..A........uD.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. .... )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%qG....G...-.&.+...G...o.....%..{.......%qH....H...-.&.+...H...o.....(....*..{....*..{....*V.(......}......}....*.0..A........uI.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. O... )UU.

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Citrix.HCL.DistributedTracing.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22088
                                                                                                                                                                                                                        Entropy (8bit):6.641765707043487
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:F09C4821B3E7C25CA445E8A16324B79D
                                                                                                                                                                                                                        SHA1:A61C27BABF80BE9EA13E087EE4EB59167EF98248
                                                                                                                                                                                                                        SHA-256:1AD2203660F8B15635F95C90F45634861AB4F782FE647C7977C76125C5CDF533
                                                                                                                                                                                                                        SHA-512:E2E5E49CD926B140C9B120F6FEB38778D2F96B3B1B6A55F54D96C92B0DFB892CB3EA98316F9EC6E32C8B8F16AC77CA966E5AAE585AB75D220DDD55373F055EE0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..$...........C... ...`....... ....................................`.................................0C..O....`..t...............H(..........4B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...t....`.......&..............@..@.reloc...............,..............@..B................dC......H........#..4....................A........................................(....*:.(......}....*..(....*~.(......s....}......o....}....*..0..+.......(....%%-.&.........+.(.....%-.(......s....*R.{......(.....o....*.0..}................-..+..o....( ...-....o.....o!...("...(#.......(.......(......-..+..($...-(.,%.o%......(&...,...o%......('...((...&.*....0..$...........()...-..+...(*......(+...(,...-..+..-.(-...+.(.......()...9......(/.....(0.......-'.{......(.............$.....o

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\CookComputing.XmlRpcV2.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):137528
                                                                                                                                                                                                                        Entropy (8bit):5.815507865214275
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:03E62A8097052CC7C813D1E895214576
                                                                                                                                                                                                                        SHA1:8F946163113067C3FB56D116B8EA285414F878C8
                                                                                                                                                                                                                        SHA-256:6A94BE5455BCF11E8A91F18EC4DD528EF7AC6A3B9BEB802538E1F66D3CD6002B
                                                                                                                                                                                                                        SHA-512:3EEB6411D5B6D83AA2F3633E9EA6B884A84C4C577D2001777FD30C38C09DBE4D36C93E080D8CA913127CAA13514715D1FA173DA94D50FBC5F6C4DBCD61318CE6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y.b.........." ..0...... .......... ........... ..............................R%....`.................................x...O.......................8I..........@................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\DiscUtils.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1011784
                                                                                                                                                                                                                        Entropy (8bit):6.001140300190096
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A4DE4231E573C4586A3ADFB3F6E4497E
                                                                                                                                                                                                                        SHA1:EBD421F798FE937BEADFFD96FD0AC501FEAB1F2E
                                                                                                                                                                                                                        SHA-256:BA7AF306AC79D0E1438405D2681334B0F260D34C495AAA4755549F3CE61CB857
                                                                                                                                                                                                                        SHA-512:76953B2521787C35EDA8AA4625C33AFE92497B65F04B9A4B0E682D390E2DE47A91099EA7C1B84638F390502793C1A8171AAB85C5E787008C80C4F23B05AD47B8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..@..........b>... ...`....... ..............................U\....`..................................>..O....`...............H..H(..........8=..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................D>......H.......@B...t...................<........................................(l...*:.(l.....}....*v....(m.....}...........}....*..{....*"..}....*...0...........{.....{....j]i..-O..{....],..{.....jX.on...34.(o....{....op....(o......oq.......{......jX}......*.{.....{....j(......{.....jX.{....j(....%.Y ....j1.r...psr...z.Y.......(o....op....(o.......ioq.......Y(s...........(t.....{......jX}......*..0..<...........3...{....X.+...3...on...X...j/.rA..psr...z..}.....{....*.0..F.......

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\HypervisorsCommon.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138824
                                                                                                                                                                                                                        Entropy (8bit):6.148850658916972
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:D7F11F4F22DCA93BF7B5FD7C744EAC83
                                                                                                                                                                                                                        SHA1:9AEB0DEC0688737E25CA13CB159B0F3A618F6BCF
                                                                                                                                                                                                                        SHA-256:A5DB70A8D4AC887F562012E02CF349E36898ED112B8BAC9B747B7F23D1661A77
                                                                                                                                                                                                                        SHA-512:B71504CAE7132E0E5F93266F074AD9EDB0120A02C43C7583A7D1E62A5695BBCB812D087481CDAA75B8A37B6A52E757305367E281384BBCD4B0EECEB1E50EEDC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.<..........." ..0.................. ... ....... .......................`......^>....`.....................................O.... ..,...............H(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...,.... ......................@..@.reloc.......@......................@..B........................H............\..................L.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*..(.....r...p(.....r...p(.....r...p(......(....*r.(......(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..J.........s....}.....(......} .....}!...("......-..........+..(#...}$....,..o....*2.(%...o&...*..{$...*2.(%...o'...*..{....*2.((...o)...*..*..{*...*"..}*...*..{ ...*....0..;........(%...o+....{!..

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\Newtonsoft.Json.CH.dll

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):717120
                                                                                                                                                                                                                        Entropy (8bit):5.976329516286841
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:FA131F5C8765A006ABCC87337563E094
                                                                                                                                                                                                                        SHA1:7D549130855815F99CA35F4756B67C0FDE421601
                                                                                                                                                                                                                        SHA-256:5B6E59CDC8AE5539919D2BA381DD140ACDD73298BFE78B09F786475718E421C1
                                                                                                                                                                                                                        SHA-512:1CF2DCCC2CCB2A4E43BF5A5533EBB16507479138C58BBF7619480F07EA51307D861ED497E4A6442B238816F4C9F2E32170C48E195522856E1DCF6E4EDACBB660
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}............" ..0.................. ........... ..............................XK....`.....................................O.......l...............@I.............8............................................ ............... ..H............text....... ...................... ..`.rsrc...l...........................@..@.reloc..............................@..B.......................H............2..................L.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY...{...._..{..........+,..{`....3...{_......(....,...{_...*..{a.......-..*....0...........-.r...ps....z.o......-.~....*.~....X...

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\PvsVmTemplate.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10490880
                                                                                                                                                                                                                        Entropy (8bit):0.95065153461183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:DB3BDCDEDC59E29178B7F54D87B41C62
                                                                                                                                                                                                                        SHA1:02A9DFB053A6D2B25A2460065FC55C2A4CCB7B75
                                                                                                                                                                                                                        SHA-256:A0D7D172F50026F44AFE728DB76EBA98CFFF859CBE9C620EAF30D748229662C1
                                                                                                                                                                                                                        SHA-512:B27BCED021D8B5D9816A5277D526D34756A93A0C193EC6B3821C227BB43E5CD8E6CE90083CF0637DD82E50407E2A28802A527B98BAB1EAB8E55432B264980B52
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix...................win ....Wi2k...........................l.....<......#...............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....o................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\XenServer\PvsVmTemplateForPreparationVM.vhd

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23078400
                                                                                                                                                                                                                        Entropy (8bit):1.1328074820682268
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:14CF8A6B711753773D9971A6D1D98436
                                                                                                                                                                                                                        SHA1:806EC3E61015DB6E86AE6A6E7B65C4A24A004E24
                                                                                                                                                                                                                        SHA-256:6F26ED14F678EFECCA13B003F2E218429C455D037A2D37E8220EB3A7EF8BCED6
                                                                                                                                                                                                                        SHA-512:E380A0CD483AFC4E0BB1CD80DEC4D2BA62B419B2291AF894F4B4A7F0385C94C1CFE17DCD33B758F124DB799D6EC28FBC487C6B28645FFDC7BE034A377B47A131
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:conectix................(...sdb ....Wi2k....@.......@.... .?...........W....-...GL............................................................................................................................................................................................................................................................................................................................................................................................................................................cxsparse......................... .....u................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachine\v2.5.0.0\AddIns.store

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):589
                                                                                                                                                                                                                        Entropy (8bit):5.254846093055834
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:16829DF43ABC7FD08EF2D7B574D59D38
                                                                                                                                                                                                                        SHA1:0A033135109B993241D538044ED36DB6732F6564
                                                                                                                                                                                                                        SHA-256:82EF71E8965997C44AFE6B15B8C9C119A3755162AB929CAA5949B33B64B85FA6
                                                                                                                                                                                                                        SHA-512:5545805C021A866649264A1BC14BA2D6CBBDE813E29A8D97BFED40110B8DADBDE7201C46BAFCDDFB632935A85509BEC19C37C7CE126A8F69AC021B84681193CD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:....A.............................OSystem.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.....)System.AddIn.Hosting.AddInDeploymentState....._addins._fileCount....System.Collections.Generic.List`1[[System.AddIn.AddIn, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].....................System.Collections.Generic.List`1[[System.AddIn.AddIn, System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]....._items._size._version....System.AddIn.AddIn[]...................................System.AddIn.AddIn.....

                                                                                                                                                                                                                        C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32840
                                                                                                                                                                                                                        Entropy (8bit):6.333128276183871
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:42B1415948404168E021518E8A5EE683
                                                                                                                                                                                                                        SHA1:9865DB86C0B9637B8D8B29D8A8BA51EF404DA65B
                                                                                                                                                                                                                        SHA-256:1A9B6BB3F0D808EA73DEB20094A6623271098D2FF8B5B088F94FFE0BFFD128D6
                                                                                                                                                                                                                        SHA-512:ECC3085FB8261E0AC2D93D12FFA55A1302086AB56D5EC2F4257F931D8CF51D006284829F68B26697811E8A6162D31DBD52D6DC8C8A0FF7E9FAE309647540A6B4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\.<..........."...0..L...........j... ........@.. ....................................`.................................^j..O.......T............X..H(..........pi..8............................................ ............... ..H............text....J... ...L.................. ..`.rsrc...T............N..............@..@.reloc...............V..............@..B.................j......H......../...6......2....f..h....h........................................(....*:.(......}....*..0..M........(.....s....(......(.......(.....(B...(.....r...p(.....r...p(.....(A...(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*...0..l.......s......(....,...(....o....&.(....,..o....&..(....o....&.(...

                                                                                                                                                                                                                        C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):999
                                                                                                                                                                                                                        Entropy (8bit):4.966299883488245
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:24567B9212F806F6E3E27CDEB07728C0
                                                                                                                                                                                                                        SHA1:371AE77042FFF52327BF4B929495D5603404107D
                                                                                                                                                                                                                        SHA-256:82F352AD3C9B3E58ECD3207EDC38D5F01B14D968DA908406BD60FD93230B69F6
                                                                                                                                                                                                                        SHA-512:5D5E65FCD9061DADC760C9B3124547F2BABEB49FD56A2FD2FE2AD2211A1CB15436DB24308A0B5A87DA24EC6AB2A9B0C5242D828BE85BD1B2683F9468CE310904
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<software_identification_tag xmlns="http://standards.iso.org/iso/19770/-2/2009/schema.xsd">...<entitlement_required_indicator>true</entitlement_required_indicator>...<product_title>Windows 10 Pro</product_title>...<product_version>....<name>10.0.19041.1865</name>....<numeric>.....<major>10</major>.....<minor>0</minor>.....<build>19041</build>.....<review>1865</review>....</numeric>...</product_version>...<software_creator>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</software_creator>...<software_licensor>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</software_licensor>...<software_id>....<unique_id>Windows-10-Pro</unique_id>....<tag_creator_regid>regid.1991-06.com.microsoft</tag_creator_regid>...</software_id>...<tag_creator>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</tag_creator>..</software_identification_tag>..

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BrokerService.exe.log

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2795
                                                                                                                                                                                                                        Entropy (8bit):5.359476503860455
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:90F3290EDDFB869B0D0AB6A74006A12B
                                                                                                                                                                                                                        SHA1:0D0C468E90BA4198D7CD0FDB51072A21AD62926D
                                                                                                                                                                                                                        SHA-256:37D11B06A7E16E083A0D03FB4B8B50E2057E75EDA4FB23F52AE9F0DE5F7EA3B3
                                                                                                                                                                                                                        SHA-512:ED5ED18854FB076DDDFB17FD682E34C0F5A4854ADD557175C65187544861704F48C28D96A1D868378CA92D9D66FA31D3B878DE1823CB0ABB8C63D806F6A0E8AE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..2,"netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configura

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RegisterPlugins.exe.log

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):7984
                                                                                                                                                                                                                        Entropy (8bit):5.181813620513515
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:06A80B4D1950851CE024A25C21C2F206
                                                                                                                                                                                                                        SHA1:A480D54A5EF757244D0B1E707C2116D9BBEC9B27
                                                                                                                                                                                                                        SHA-256:F0D5329EA4D9315522FEFA1A0232DC7CE982815BA078AA29F0408236DD39CFB9
                                                                                                                                                                                                                        SHA-512:20EC590DD734BF2D3D1E14758A375E1A9B5CFE11A80CB033C40C67C0E7C080DFD91A830893ECA7E698B9450C3EFA03295A398F18194CC6D4FA49B18DD5B50437
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.AddIn, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.AddIn.Contract, Version=4.0.0.0, Culture=neutral, Public

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\MSI9878.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\MSI9983.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):240408
                                                                                                                                                                                                                        Entropy (8bit):6.700943101328978
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:8EDC1557E9FC7F25F89AD384D01BCEC4
                                                                                                                                                                                                                        SHA1:98E64D7F92B8254FE3F258E3238B9E0F033B5A9C
                                                                                                                                                                                                                        SHA-256:78860E15E474CC2AF7AD6E499A8971B6B8197AFB8E49A1B9EAAA392E4378F3A5
                                                                                                                                                                                                                        SHA-512:D26C9DCE3C3D17583FFB5DBCD3989F93B096A7F64A37A2701A474C1BF4B8C8B1E922C352D33F24E411F1C793E1B4AF11A3AEC1DE489087D481B1B636DF2050CD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|.../...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\MSI99A3.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):141384
                                                                                                                                                                                                                        Entropy (8bit):6.330830269812664
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:433B089D385C4F8B2F457228FC36F542
                                                                                                                                                                                                                        SHA1:AC9CF4DB96567292133844E03DD9C7B38DBEF358
                                                                                                                                                                                                                        SHA-256:6C662B2C556E6943AF53B60F3B09794D08A34B322E23B7FD278C555D996DE81E
                                                                                                                                                                                                                        SHA-512:44C020A1DAE1E30E8AC37E4BCB04925738E1161B0BB9816FC2192630634F0DE9359E995A43602197A94E5D6B4247DCF01DA091569B9270B49582EAC9D8975FAA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N............Q.....Q.....Q..............*..............Q..............................."..........Rich...................PE..d....Y.f.........." ...'."..........0%.......................................p......oo....`A........................................p...h.......d....P....... ..........H(...`..x...@...p.......................(.......@............@...............................text....!.......".................. ..`.rdata..d....@.......&..............@..@.data....,..........................@....pdata....... ......................@..@_RDATA.......@......................@..@.rsrc........P......................@..@.reloc..x....`......................@..B................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\MSID34D.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Tmp6202.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        File Type:PEM certificate
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2540
                                                                                                                                                                                                                        Entropy (8bit):5.974621309222696
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A1034DEC4958C973B301D47449B86B7B
                                                                                                                                                                                                                        SHA1:959A3D45B2F91CD1FD4EA4A92C502791E6624A59
                                                                                                                                                                                                                        SHA-256:121824F8DFFD7C70A079603814C74129F543BD456A64B99C227D130612B9F4E1
                                                                                                                                                                                                                        SHA-512:CED457D2A7C1C83D635ACCD3BE6F1C5A2B5D54DE24ABE5F32D5B9D1AAC4A9DEB907D27F622E23CFFF438DCFE47C2C660AC794E17E018EE119E9688E76571953F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:-----BEGIN CERTIFICATE-----..MIIHCDCCBPCgAwIBAgIQBMSlUV04iQWOmQX47ZpRcDANBgkqhkiG9w0BAQsFADBp..MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT..OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0..IDIwMjEgQ0ExMB4XDTI0MDMwODAwMDAwMFoXDTI1MDMwNzIzNTk1OVowgY8xCzAJ..BgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRgwFgYDVQQHEw9Gb3J0IExhdWRl..cmRhbGUxHTAbBgNVBAoTFENpdHJpeCBTeXN0ZW1zLCBJbmMuMRYwFAYDVQQLEw1D..aXRyaXggWGVuQXBwMR0wGwYDVQQDExRDaXRyaXggU3lzdGVtcywgSW5jLjCCAaIw..DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAPoCfOCCtrdGgYAblwd8n6qAvq4s..CBKIV00B1ajbye798YoiGA/D782C4WkKtnRuHrmNQDoVy9FHNqzS3EGShAeD7JWK..66K4PseYkSZdpPV5bQxKQ26iSapFBC2OnexhCKaeAoXRnzSbhlPRggIIppfPLc2T..Do7QKnCyF0kUjroEII1DkfhL33i5TEy7PwA48jovPfPtJk7XROksv2tm5/34LCWl..PDtip+/GIh19TepZJSigczubWH0Q9lWYTp9pMej1CPp/kXJMBNtqNIQYXJAXgRjV..tg1KwAQy8GLjThFmRBsdSgtlAzuKfng5sQDYwv/qvbed3WeFdWP6i/QkZ4p9CTaM..FXC098xqnnm4CGoNj6rIept5bwEosuw6Zg7cmkwsL/2i3dceU2b1D4inH7zDkgkc..Uz/muy+A3Y7qnEMVhDZNZDRGY2Wv2UtAQ1mpZJaeiYvZIia

                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\TmpD13B.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        File Type:PEM certificate
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):2540
                                                                                                                                                                                                                        Entropy (8bit):5.974621309222696
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A1034DEC4958C973B301D47449B86B7B
                                                                                                                                                                                                                        SHA1:959A3D45B2F91CD1FD4EA4A92C502791E6624A59
                                                                                                                                                                                                                        SHA-256:121824F8DFFD7C70A079603814C74129F543BD456A64B99C227D130612B9F4E1
                                                                                                                                                                                                                        SHA-512:CED457D2A7C1C83D635ACCD3BE6F1C5A2B5D54DE24ABE5F32D5B9D1AAC4A9DEB907D27F622E23CFFF438DCFE47C2C660AC794E17E018EE119E9688E76571953F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:-----BEGIN CERTIFICATE-----..MIIHCDCCBPCgAwIBAgIQBMSlUV04iQWOmQX47ZpRcDANBgkqhkiG9w0BAQsFADBp..MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT..OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0..IDIwMjEgQ0ExMB4XDTI0MDMwODAwMDAwMFoXDTI1MDMwNzIzNTk1OVowgY8xCzAJ..BgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRgwFgYDVQQHEw9Gb3J0IExhdWRl..cmRhbGUxHTAbBgNVBAoTFENpdHJpeCBTeXN0ZW1zLCBJbmMuMRYwFAYDVQQLEw1D..aXRyaXggWGVuQXBwMR0wGwYDVQQDExRDaXRyaXggU3lzdGVtcywgSW5jLjCCAaIw..DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAPoCfOCCtrdGgYAblwd8n6qAvq4s..CBKIV00B1ajbye798YoiGA/D782C4WkKtnRuHrmNQDoVy9FHNqzS3EGShAeD7JWK..66K4PseYkSZdpPV5bQxKQ26iSapFBC2OnexhCKaeAoXRnzSbhlPRggIIppfPLc2T..Do7QKnCyF0kUjroEII1DkfhL33i5TEy7PwA48jovPfPtJk7XROksv2tm5/34LCWl..PDtip+/GIh19TepZJSigczubWH0Q9lWYTp9pMej1CPp/kXJMBNtqNIQYXJAXgRjV..tg1KwAQy8GLjThFmRBsdSgtlAzuKfng5sQDYwv/qvbed3WeFdWP6i/QkZ4p9CTaM..FXC098xqnnm4CGoNj6rIept5bwEosuw6Zg7cmkwsL/2i3dceU2b1D4inH7zDkgkc..Uz/muy+A3Y7qnEMVhDZNZDRGY2Wv2UtAQ1mpZJaeiYvZIia

                                                                                                                                                                                                                        C:\Windows\Installer\52b9fa.msi

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Citrix Broker Service (x64) 7.41.1100.45, Author: Citrix Systems, Inc., Keywords: XenDesktop,Installer, Comments: Version 7.41.1100.45, Create Time/Date: Thu Aug 8 07:08:40 2024, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 4, Template: x64;1033, Last Saved By: x64;2052, Revision Number: {16FBB4F8-8C17-4AD9-93A4-B3F2C57666D7}7.41.1100.45;{8AC8180C-94B6-4259-B3FE-502143159DA5}7.41.1100.45;{DCD61024-BE72-49C9-B21A-D53C641B722B}, Number of Pages: 300, Number of Characters: 131135
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):72298496
                                                                                                                                                                                                                        Entropy (8bit):7.978008029319694
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:2D8222E63CC0A2D86D80A57D26347C84
                                                                                                                                                                                                                        SHA1:8D762E32F294BC971873F031027393520AC0161D
                                                                                                                                                                                                                        SHA-256:991636B9BA9A4A528E0267DE74CAD67012FE031DC5B859A9A7A32A1303B90DD8
                                                                                                                                                                                                                        SHA-512:666E5DD76FAE155EF80B4CCED367A0D9EFC36EEDA659DF9D5AF0DAFC293341A4327BE26D9FC5D4E7850E1DA153A7E995BF73F69788D6017D2F396C660FA0B123
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...C......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSIC535.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSIC5C3.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):141384
                                                                                                                                                                                                                        Entropy (8bit):6.330830269812664
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:433B089D385C4F8B2F457228FC36F542
                                                                                                                                                                                                                        SHA1:AC9CF4DB96567292133844E03DD9C7B38DBEF358
                                                                                                                                                                                                                        SHA-256:6C662B2C556E6943AF53B60F3B09794D08A34B322E23B7FD278C555D996DE81E
                                                                                                                                                                                                                        SHA-512:44C020A1DAE1E30E8AC37E4BCB04925738E1161B0BB9816FC2192630634F0DE9359E995A43602197A94E5D6B4247DCF01DA091569B9270B49582EAC9D8975FAA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N............Q.....Q.....Q..............*..............Q..............................."..........Rich...................PE..d....Y.f.........." ...'."..........0%.......................................p......oo....`A........................................p...h.......d....P....... ..........H(...`..x...@...p.......................(.......@............@...............................text....!.......".................. ..`.rdata..d....@.......&..............@..@.data....,..........................@....pdata....... ......................@..@_RDATA.......@......................@..@.rsrc........P......................@..@.reloc..x....`......................@..B................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSIC641.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSICB14.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSICB82.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSICE62.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):7926546
                                                                                                                                                                                                                        Entropy (8bit):6.719665002467166
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:5A2E97F56E0895594D9F4D28E09AF89E
                                                                                                                                                                                                                        SHA1:52CA0775946DDD789EABC488E86468CFDA56D3E8
                                                                                                                                                                                                                        SHA-256:E1EA83C4DBB4ECF766E0346E7B26A079E6FB9657A4BC8583B83FEF2CA6D086D4
                                                                                                                                                                                                                        SHA-512:49CE93D23D9A3ED8064E89F83F35914E96EF243A787300872A51A6D814E68ECBEB589E21FE7F9198F54C849F7AE006346720E76B7AC01C080A6F8B3260DD8B1D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.KHY.@.....@.....@.....@.....@.....@......&.{16FBB4F8-8C17-4AD9-93A4-B3F2C57666D7}..Citrix Broker Service..Broker_Service_x64.msi.@.....@L.)..@.....@........&.{CA59D2FB-8645-4E54-804D-6A3B5CA91B4E}.....@.....@.....@.....@.......@.....@.....@.......@......Citrix Broker Service......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@#....@.....@.]....&.{C77C1070-CD4D-40BD-8830-1CDDAC2B75F1}..C:\.@.......@.....@.....@......&.{29A8CBD2-C987-44C5-8197-7C151D810F81}7.C:\Program Files\Citrix\Broker\Service\Pipeline\AddIns\.@.......@.....@.....@......&.{0C35667B-8753-4577-B4A1-31705A486DF5}B.C:\Program Files\Citrix\Broker\Service\Pipeline\AddInSideAdapters\.@.......@.....@.....@......&.{A763C70B-5ECD-40B9-8618-D0D9A6CA4B6C}0.C:\Program Files\Citrix\Broker\Service\Pipeline\.@.......@.....@.....@......&.{358322E2-4D47-4570-AB67-3984C25F3CE8}'.C:\Program Files\Citrix\Broker

                                                                                                                                                                                                                        C:\Windows\Installer\MSICEEF.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):326416
                                                                                                                                                                                                                        Entropy (8bit):6.6289895656932565
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B6F7D6123BF7399EE1A7DD7F00CA2013
                                                                                                                                                                                                                        SHA1:661F5D31C3EEC184FA4C0CAA7F61C410E56402B2
                                                                                                                                                                                                                        SHA-256:E554C57EDD608FA6B17AABF12B405A28753EC4AC5C68905C5A3F5ACB4D5623C3
                                                                                                                                                                                                                        SHA-512:7F87B96DCEC081D31269CCC8E6E212F2EC74F24CA47AF182BB9244DB37192C44A29EC2C10C9816C176A1F611068A8E52AACA62F49FDD77814C086F578303A3C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e.O...O...O......E............._.......].......n......X......N......X...O.................N.......N...O...N.......N...RichO...................PE..L......e...........!........................................................ ......s@....@................................T............................/......X&......T...............................@............................................text............................... ..`.rdata..............................@..@.data....$..........................@....rsrc...............................@..@.reloc..X&.......(..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSICF8D.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):326416
                                                                                                                                                                                                                        Entropy (8bit):6.6289895656932565
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B6F7D6123BF7399EE1A7DD7F00CA2013
                                                                                                                                                                                                                        SHA1:661F5D31C3EEC184FA4C0CAA7F61C410E56402B2
                                                                                                                                                                                                                        SHA-256:E554C57EDD608FA6B17AABF12B405A28753EC4AC5C68905C5A3F5ACB4D5623C3
                                                                                                                                                                                                                        SHA-512:7F87B96DCEC081D31269CCC8E6E212F2EC74F24CA47AF182BB9244DB37192C44A29EC2C10C9816C176A1F611068A8E52AACA62F49FDD77814C086F578303A3C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e.O...O...O......E............._.......].......n......X......N......X...O.................N.......N...O...N.......N...RichO...................PE..L......e...........!........................................................ ......s@....@................................T............................/......X&......T...............................@............................................text............................... ..`.rdata..............................@..@.data....$..........................@....rsrc...............................@..@.reloc..X&.......(..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSICFCC.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):326416
                                                                                                                                                                                                                        Entropy (8bit):6.6289895656932565
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B6F7D6123BF7399EE1A7DD7F00CA2013
                                                                                                                                                                                                                        SHA1:661F5D31C3EEC184FA4C0CAA7F61C410E56402B2
                                                                                                                                                                                                                        SHA-256:E554C57EDD608FA6B17AABF12B405A28753EC4AC5C68905C5A3F5ACB4D5623C3
                                                                                                                                                                                                                        SHA-512:7F87B96DCEC081D31269CCC8E6E212F2EC74F24CA47AF182BB9244DB37192C44A29EC2C10C9816C176A1F611068A8E52AACA62F49FDD77814C086F578303A3C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e.O...O...O......E............._.......].......n......X......N......X...O.................N.......N...O...N.......N...RichO...................PE..L......e...........!........................................................ ......s@....@................................T............................/......X&......T...............................@............................................text............................... ..`.rdata..............................@..@.data....$..........................@....rsrc...............................@..@.reloc..X&.......(..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSID0F6.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):326416
                                                                                                                                                                                                                        Entropy (8bit):6.6289895656932565
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B6F7D6123BF7399EE1A7DD7F00CA2013
                                                                                                                                                                                                                        SHA1:661F5D31C3EEC184FA4C0CAA7F61C410E56402B2
                                                                                                                                                                                                                        SHA-256:E554C57EDD608FA6B17AABF12B405A28753EC4AC5C68905C5A3F5ACB4D5623C3
                                                                                                                                                                                                                        SHA-512:7F87B96DCEC081D31269CCC8E6E212F2EC74F24CA47AF182BB9244DB37192C44A29EC2C10C9816C176A1F611068A8E52AACA62F49FDD77814C086F578303A3C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e.O...O...O......E............._.......].......n......X......N......X...O.................N.......N...O...N.......N...RichO...................PE..L......e...........!........................................................ ......s@....@................................T............................/......X&......T...............................@............................................text............................... ..`.rdata..............................@..@.data....$..........................@....rsrc...............................@..@.reloc..X&.......(..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSID1E1.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):240408
                                                                                                                                                                                                                        Entropy (8bit):6.700943101328978
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:8EDC1557E9FC7F25F89AD384D01BCEC4
                                                                                                                                                                                                                        SHA1:98E64D7F92B8254FE3F258E3238B9E0F033B5A9C
                                                                                                                                                                                                                        SHA-256:78860E15E474CC2AF7AD6E499A8971B6B8197AFB8E49A1B9EAAA392E4378F3A5
                                                                                                                                                                                                                        SHA-512:D26C9DCE3C3D17583FFB5DBCD3989F93B096A7F64A37A2701A474C1BF4B8C8B1E922C352D33F24E411F1C793E1B4AF11A3AEC1DE489087D481B1B636DF2050CD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|.../...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSID211.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):326416
                                                                                                                                                                                                                        Entropy (8bit):6.6289895656932565
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B6F7D6123BF7399EE1A7DD7F00CA2013
                                                                                                                                                                                                                        SHA1:661F5D31C3EEC184FA4C0CAA7F61C410E56402B2
                                                                                                                                                                                                                        SHA-256:E554C57EDD608FA6B17AABF12B405A28753EC4AC5C68905C5A3F5ACB4D5623C3
                                                                                                                                                                                                                        SHA-512:7F87B96DCEC081D31269CCC8E6E212F2EC74F24CA47AF182BB9244DB37192C44A29EC2C10C9816C176A1F611068A8E52AACA62F49FDD77814C086F578303A3C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e.O...O...O......E............._.......].......n......X......N......X...O.................N.......N...O...N.......N...RichO...................PE..L......e...........!........................................................ ......s@....@................................T............................/......X&......T...............................@............................................text............................... ..`.rdata..............................@..@.data....$..........................@....rsrc...............................@..@.reloc..X&.......(..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSID28F.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):326416
                                                                                                                                                                                                                        Entropy (8bit):6.6289895656932565
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B6F7D6123BF7399EE1A7DD7F00CA2013
                                                                                                                                                                                                                        SHA1:661F5D31C3EEC184FA4C0CAA7F61C410E56402B2
                                                                                                                                                                                                                        SHA-256:E554C57EDD608FA6B17AABF12B405A28753EC4AC5C68905C5A3F5ACB4D5623C3
                                                                                                                                                                                                                        SHA-512:7F87B96DCEC081D31269CCC8E6E212F2EC74F24CA47AF182BB9244DB37192C44A29EC2C10C9816C176A1F611068A8E52AACA62F49FDD77814C086F578303A3C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e.O...O...O......E............._.......].......n......X......N......X...O.................N.......N...O...N.......N...RichO...................PE..L......e...........!........................................................ ......s@....@................................T............................/......X&......T...............................@............................................text............................... ..`.rdata..............................@..@.data....$..........................@....rsrc...............................@..@.reloc..X&.......(..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSID2EE.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):240408
                                                                                                                                                                                                                        Entropy (8bit):6.700943101328978
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:8EDC1557E9FC7F25F89AD384D01BCEC4
                                                                                                                                                                                                                        SHA1:98E64D7F92B8254FE3F258E3238B9E0F033B5A9C
                                                                                                                                                                                                                        SHA-256:78860E15E474CC2AF7AD6E499A8971B6B8197AFB8E49A1B9EAAA392E4378F3A5
                                                                                                                                                                                                                        SHA-512:D26C9DCE3C3D17583FFB5DBCD3989F93B096A7F64A37A2701A474C1BF4B8C8B1E922C352D33F24E411F1C793E1B4AF11A3AEC1DE489087D481B1B636DF2050CD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|.../...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSID31E.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Installer\MSIDD31.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):751912
                                                                                                                                                                                                                        Entropy (8bit):6.611750923291916
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A0F9143B7335516124E9EEB0326D80A2
                                                                                                                                                                                                                        SHA1:32FB18CC04029FD53A5047987304F292F52FC7CD
                                                                                                                                                                                                                        SHA-256:CB5E27CE73C86B290AA0027C2FDBBBD072FF26FBF337EF7F8EBE59633F11BFAB
                                                                                                                                                                                                                        SHA-512:6653BA3BC4D4A0F54980E7F70A51A20B83E46DFBB6C46DF1A2C838B401B29D648C65345C764F8A8D84C37DCC176B624D92921A7900F830D5A3D0CFED82E04E27
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........d..............x......x......oz.......x.......x.......x......Rich....................PE..L...).W...........!.........p......[..................................................................................;....y.......................`..(.......,...P...................................@............................................text...3........................... ..`.rdata..............................@..@.data...DB....... ..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):360001
                                                                                                                                                                                                                        Entropy (8bit):5.362973967781335
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:AD3BCD0707A178A718FF399E908E8AB6
                                                                                                                                                                                                                        SHA1:23D04AB2CAF5DEA4F25C8734635FFC5B9DA9D113
                                                                                                                                                                                                                        SHA-256:CC3D72EACD83C1642B41C1FC3995A953293FA12165626121E8011AD16A5C10C8
                                                                                                                                                                                                                        SHA-512:92F1AFEB090244A2FA5C1D63EC997F13CD500ADBA4F297CC56AD32B6C528930C9C6310C16A40F148BF4BE0A30C2C88783BA2CC29976C23022EC96E7F24B3CFF8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                                                                        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):2464
                                                                                                                                                                                                                        Entropy (8bit):3.244554458910001
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:621C50CFFCAA64B719217AE71104F2A2
                                                                                                                                                                                                                        SHA1:3189496C6AA5878CCD13D84675331E8CB816D95A
                                                                                                                                                                                                                        SHA-256:015B4A7E62C0FC75AF9C9B201CBB4AAC18434D4B4BD88AB12E9C638F71AF2C40
                                                                                                                                                                                                                        SHA-512:966FBA865D7D968EBDBD4CEC6E7245E8484665847E3E05DBB07B2768D2BCAA5886A18EC1BFC32ED43774E30C7CF53400EDA3C548FC7174C99BC791FB8A23A40C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.u.e. .. O.c.t. .. 0.8. .. 2.0.2.4. .1.0.:.5.8.:.5.5.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

                                                                                                                                                                                                                        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\RGI615F.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25285
                                                                                                                                                                                                                        Entropy (8bit):5.595216087369578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:033649D7B623B2F8CD29854CCB6D6A4B
                                                                                                                                                                                                                        SHA1:9772F7B7B11625FC3DEA7598CDF5B6D0FC511AE6
                                                                                                                                                                                                                        SHA-256:04A0FBD0B5C3E4F7E3558A3871FE3F3CCE5013A330941C3E72B4CDB19C81F2AD
                                                                                                                                                                                                                        SHA-512:90DF8C97C8D8062970D76AF2235C3AB78208C95C332BBC04E72E2782CB926AB12DBB1098914F453EB7B095EE7DC50F80D4CB96C5931A51A25EFB5D91A3C50989
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:[Version]..Signature="$CHICAGO$"..[BackupUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=36..AddReg=RegBackupUserAgent,!RegRollbackUserAgent..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[RestoreUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=260..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[!RegRollbackUserAgent]..HKLM,"Software\Microsoft\Advanced INF Setup\IE CompList","IE40.UserAgent",0,""..[RegBackupUserAgent]..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","User Agent",,"Mozilla/4.0 (compatible; MSIE 8.0; Win32)"..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","IE5_UA_Backup_Flag",,"5.0"..[Reg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..AddReg=Zones.RegCU,ZoneMap.RegCU..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","WarnOnIntranet",0x10003,0..[UnReg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..DelReg=Zones.RegC

                                                                                                                                                                                                                        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\RGI618E.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25285
                                                                                                                                                                                                                        Entropy (8bit):5.595216087369578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:033649D7B623B2F8CD29854CCB6D6A4B
                                                                                                                                                                                                                        SHA1:9772F7B7B11625FC3DEA7598CDF5B6D0FC511AE6
                                                                                                                                                                                                                        SHA-256:04A0FBD0B5C3E4F7E3558A3871FE3F3CCE5013A330941C3E72B4CDB19C81F2AD
                                                                                                                                                                                                                        SHA-512:90DF8C97C8D8062970D76AF2235C3AB78208C95C332BBC04E72E2782CB926AB12DBB1098914F453EB7B095EE7DC50F80D4CB96C5931A51A25EFB5D91A3C50989
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:[Version]..Signature="$CHICAGO$"..[BackupUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=36..AddReg=RegBackupUserAgent,!RegRollbackUserAgent..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[RestoreUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=260..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[!RegRollbackUserAgent]..HKLM,"Software\Microsoft\Advanced INF Setup\IE CompList","IE40.UserAgent",0,""..[RegBackupUserAgent]..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","User Agent",,"Mozilla/4.0 (compatible; MSIE 8.0; Win32)"..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","IE5_UA_Backup_Flag",,"5.0"..[Reg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..AddReg=Zones.RegCU,ZoneMap.RegCU..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","WarnOnIntranet",0x10003,0..[UnReg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..DelReg=Zones.RegC

                                                                                                                                                                                                                        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\RGI61CE.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25285
                                                                                                                                                                                                                        Entropy (8bit):5.595216087369578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:033649D7B623B2F8CD29854CCB6D6A4B
                                                                                                                                                                                                                        SHA1:9772F7B7B11625FC3DEA7598CDF5B6D0FC511AE6
                                                                                                                                                                                                                        SHA-256:04A0FBD0B5C3E4F7E3558A3871FE3F3CCE5013A330941C3E72B4CDB19C81F2AD
                                                                                                                                                                                                                        SHA-512:90DF8C97C8D8062970D76AF2235C3AB78208C95C332BBC04E72E2782CB926AB12DBB1098914F453EB7B095EE7DC50F80D4CB96C5931A51A25EFB5D91A3C50989
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:[Version]..Signature="$CHICAGO$"..[BackupUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=36..AddReg=RegBackupUserAgent,!RegRollbackUserAgent..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[RestoreUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=260..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[!RegRollbackUserAgent]..HKLM,"Software\Microsoft\Advanced INF Setup\IE CompList","IE40.UserAgent",0,""..[RegBackupUserAgent]..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","User Agent",,"Mozilla/4.0 (compatible; MSIE 8.0; Win32)"..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","IE5_UA_Backup_Flag",,"5.0"..[Reg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..AddReg=Zones.RegCU,ZoneMap.RegCU..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","WarnOnIntranet",0x10003,0..[UnReg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..DelReg=Zones.RegC

                                                                                                                                                                                                                        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\RGI61FE.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25285
                                                                                                                                                                                                                        Entropy (8bit):5.595216087369578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:033649D7B623B2F8CD29854CCB6D6A4B
                                                                                                                                                                                                                        SHA1:9772F7B7B11625FC3DEA7598CDF5B6D0FC511AE6
                                                                                                                                                                                                                        SHA-256:04A0FBD0B5C3E4F7E3558A3871FE3F3CCE5013A330941C3E72B4CDB19C81F2AD
                                                                                                                                                                                                                        SHA-512:90DF8C97C8D8062970D76AF2235C3AB78208C95C332BBC04E72E2782CB926AB12DBB1098914F453EB7B095EE7DC50F80D4CB96C5931A51A25EFB5D91A3C50989
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:[Version]..Signature="$CHICAGO$"..[BackupUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=36..AddReg=RegBackupUserAgent,!RegRollbackUserAgent..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[RestoreUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=260..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[!RegRollbackUserAgent]..HKLM,"Software\Microsoft\Advanced INF Setup\IE CompList","IE40.UserAgent",0,""..[RegBackupUserAgent]..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","User Agent",,"Mozilla/4.0 (compatible; MSIE 8.0; Win32)"..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","IE5_UA_Backup_Flag",,"5.0"..[Reg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..AddReg=Zones.RegCU,ZoneMap.RegCU..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","WarnOnIntranet",0x10003,0..[UnReg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..DelReg=Zones.RegC

                                                                                                                                                                                                                        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\RGI622E.tmp

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):25285
                                                                                                                                                                                                                        Entropy (8bit):5.595216087369578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:033649D7B623B2F8CD29854CCB6D6A4B
                                                                                                                                                                                                                        SHA1:9772F7B7B11625FC3DEA7598CDF5B6D0FC511AE6
                                                                                                                                                                                                                        SHA-256:04A0FBD0B5C3E4F7E3558A3871FE3F3CCE5013A330941C3E72B4CDB19C81F2AD
                                                                                                                                                                                                                        SHA-512:90DF8C97C8D8062970D76AF2235C3AB78208C95C332BBC04E72E2782CB926AB12DBB1098914F453EB7B095EE7DC50F80D4CB96C5931A51A25EFB5D91A3C50989
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:[Version]..Signature="$CHICAGO$"..[BackupUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=36..AddReg=RegBackupUserAgent,!RegRollbackUserAgent..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[RestoreUserAgent]..ComponentVersion=6.0..ComponentName=IE40.UserAgent..NoBackupPlatform="NT5.1"..AdvOptions=260..RequiredEngine=SETUPAPI,%ERR_NOSETUPAPI%..[!RegRollbackUserAgent]..HKLM,"Software\Microsoft\Advanced INF Setup\IE CompList","IE40.UserAgent",0,""..[RegBackupUserAgent]..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","User Agent",,"Mozilla/4.0 (compatible; MSIE 8.0; Win32)"..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","IE5_UA_Backup_Flag",,"5.0"..[Reg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..AddReg=Zones.RegCU,ZoneMap.RegCU..HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings","WarnOnIntranet",0x10003,0..[UnReg.HKCU]..RequiredEngine=SETUPAPI, %EngineErrorMsg%..DelReg=Zones.RegC

                                                                                                                                                                                                                        C:\Windows\Temp\~DF478E8B3AFCBB14DB.TMP

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        C:\Windows\Temp\~DF875DB2AF46B9387B.TMP

                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                        Entropy (8bit):2.4588711656733713
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:3833D76BA97E17E474E9EF71525F4C2B
                                                                                                                                                                                                                        SHA1:FC8156D258D9C111DE856E58988723F383303FBD
                                                                                                                                                                                                                        SHA-256:3EC23097ACAF7046BFCD526F64297DD34271CB299A303AB781A5CB0AC99FDF99
                                                                                                                                                                                                                        SHA-512:9F79FEFCBAD0960CD11AFE8F8221F1BF6FB3E47395012F615D5D1472056A61D8CB3FA46D73AF895B76EC91C1625026783CEE81DBFEBDBFB2947BC15F913AFE49
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Citrix Broker Service (x64) 7.41.1100.45, Author: Citrix Systems, Inc., Keywords: XenDesktop,Installer, Comments: Version 7.41.1100.45, Create Time/Date: Thu Aug 8 07:08:40 2024, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 4, Template: x64;1033, Last Saved By: x64;2052, Revision Number: {16FBB4F8-8C17-4AD9-93A4-B3F2C57666D7}7.41.1100.45;{8AC8180C-94B6-4259-B3FE-502143159DA5}7.41.1100.45;{DCD61024-BE72-49C9-B21A-D53C641B722B}, Number of Pages: 300, Number of Characters: 131135
                                                                                                                                                                                                                        Entropy (8bit):7.978008029319694
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                        • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                        File name:Broker_Service_x64.msi
                                                                                                                                                                                                                        File size:72'298'496 bytes
                                                                                                                                                                                                                        MD5:2d8222e63cc0a2d86d80a57d26347c84
                                                                                                                                                                                                                        SHA1:8d762e32f294bc971873f031027393520ac0161d
                                                                                                                                                                                                                        SHA256:991636b9ba9a4a528e0267de74cad67012fe031dc5b859a9a7a32a1303b90dd8
                                                                                                                                                                                                                        SHA512:666e5dd76fae155ef80b4cced367a0d9efc36eeda659df9d5af0dafc293341a4327be26d9fc5d4e7850e1da153a7e995bf73f69788d6017d2f396c660fa0b123
                                                                                                                                                                                                                        SSDEEP:1572864:8IVXEL/fP5ItOVagEUalUyGfQh8maDKYYysJy:v5EL/JI8ylUyGfQh81OYvn
                                                                                                                                                                                                                        TLSH:88F73322B561847EEEAB0533A139CB201A3DFD355790C9DF93A4B3294DF26C255B3A07
                                                                                                                                                                                                                        File Content Preview:........................>.................................................................................... ...$...(...,...0...4...8...<...@...C.............................................................................................................

                                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                                        Icon Hash:2d2e3797b32b2b99

                                                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                        Oct 8, 2024 15:29:51.932256937 CEST5696553192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 8, 2024 15:31:05.305309057 CEST5471753192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 8, 2024 15:31:05.502684116 CEST53547171.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 8, 2024 15:31:21.522141933 CEST6121553192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 8, 2024 15:31:21.544053078 CEST53612151.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 8, 2024 15:31:37.575346947 CEST5587853192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 8, 2024 15:31:37.586652994 CEST53558781.1.1.1192.168.2.7

                                                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                        Oct 8, 2024 15:29:51.932256937 CEST192.168.2.71.1.1.10x2a9eStandard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 8, 2024 15:31:05.305309057 CEST192.168.2.71.1.1.10xf0b0Standard query (0)_ldap._tcp.33IN (0x0001)false
                                                                                                                                                                                                                        Oct 8, 2024 15:31:21.522141933 CEST192.168.2.71.1.1.10x4783Standard query (0)_ldap._tcp.33IN (0x0001)false
                                                                                                                                                                                                                        Oct 8, 2024 15:31:37.575346947 CEST192.168.2.71.1.1.10x960bStandard query (0)_ldap._tcp.33IN (0x0001)false

                                                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                        Oct 8, 2024 15:29:51.939266920 CEST1.1.1.1192.168.2.70x2a9eNo error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 8, 2024 15:31:05.502684116 CEST1.1.1.1192.168.2.70xf0b0Name error (3)_ldap._tcp.nonenone33IN (0x0001)false
                                                                                                                                                                                                                        Oct 8, 2024 15:31:21.544053078 CEST1.1.1.1192.168.2.70x4783Name error (3)_ldap._tcp.nonenone33IN (0x0001)false
                                                                                                                                                                                                                        Oct 8, 2024 15:31:37.586652994 CEST1.1.1.1192.168.2.70x960bName error (3)_ldap._tcp.nonenone33IN (0x0001)false

                                                                                                                                                                                                                        Statistics

                                                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                        Behavior

                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:09:29:45
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Broker_Service_x64.msi"
                                                                                                                                                                                                                        Imagebase:0x7ff65f1b0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                        Start time:09:29:45
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                        Start time:09:29:46
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                                                                                                        Imagebase:0x7ff6e8040000
                                                                                                                                                                                                                        File size:329'504 bytes
                                                                                                                                                                                                                        MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                        Start time:09:29:46
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                        Imagebase:0x7ff65f1b0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                        Start time:09:29:46
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                        Start time:09:29:46
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                        Start time:09:29:46
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 61840644E35B0012964490F7155C79A4 C
                                                                                                                                                                                                                        Imagebase:0x810000
                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                        Start time:09:29:46
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\MsiExec.exe -Embedding F4607A9CFBE627DAA7B1AF4F0A87DD4D C
                                                                                                                                                                                                                        Imagebase:0x1000000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                        Start time:09:29:47
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                        Start time:09:29:48
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
                                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                        Start time:09:29:50
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalService -s W32Time
                                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                        Start time:09:29:57
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 7D00F72EBD1F03FE2BA91EB00E79F5F2
                                                                                                                                                                                                                        Imagebase:0x810000
                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                        Start time:09:29:57
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\MsiExec.exe -Embedding 40FEA25D10AEAC450300A64B6E69AD51
                                                                                                                                                                                                                        Imagebase:0x7ff65f1b0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                        Start time:09:30:03
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E5BAB935B9E62F5EF499449BA355B5C1 E Global\MSI0000
                                                                                                                                                                                                                        Imagebase:0x810000
                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                        Start time:10:58:37
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                                        Start time:10:58:44
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\MsiExec.exe -Embedding B57FEBC80AACA307814E81531C396CA3 E Global\MSI0000
                                                                                                                                                                                                                        Imagebase:0x7ff65f1b0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                        Start time:10:58:44
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\wevtutil.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man"
                                                                                                                                                                                                                        Imagebase:0x170000
                                                                                                                                                                                                                        File size:208'384 bytes
                                                                                                                                                                                                                        MD5 hash:3C0E48DA02447863279B0FE3CE7FE5E8
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                                        Start time:10:58:44
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                                        Start time:10:58:44
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\wevtutil.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\AlwaysOnTracing.man" /fromwow64
                                                                                                                                                                                                                        Imagebase:0x7ff6fcf90000
                                                                                                                                                                                                                        File size:278'016 bytes
                                                                                                                                                                                                                        MD5 hash:1AAE26BD68B911D0420626A27070EB8D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                                        Start time:10:58:45
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\wevtutil.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man"
                                                                                                                                                                                                                        Imagebase:0x170000
                                                                                                                                                                                                                        File size:208'384 bytes
                                                                                                                                                                                                                        MD5 hash:3C0E48DA02447863279B0FE3CE7FE5E8
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                                        Start time:10:58:45
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                                        Start time:10:58:45
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\wevtutil.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\BrokerEventsProvider.man" /fromwow64
                                                                                                                                                                                                                        Imagebase:0x7ff6fcf90000
                                                                                                                                                                                                                        File size:278'016 bytes
                                                                                                                                                                                                                        MD5 hash:1AAE26BD68B911D0420626A27070EB8D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                                        Start time:10:58:47
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\wevtutil.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man"
                                                                                                                                                                                                                        Imagebase:0x170000
                                                                                                                                                                                                                        File size:208'384 bytes
                                                                                                                                                                                                                        MD5 hash:3C0E48DA02447863279B0FE3CE7FE5E8
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                                        Start time:10:58:47
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                                        Start time:10:58:47
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\wevtutil.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"wevtutil.exe" im "C:\Program Files\Citrix\Broker\Service\HighAvailabilityEventsProvider.man" /fromwow64
                                                                                                                                                                                                                        Imagebase:0x7ff6fcf90000
                                                                                                                                                                                                                        File size:278'016 bytes
                                                                                                                                                                                                                        MD5 hash:1AAE26BD68B911D0420626A27070EB8D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                        Start time:10:58:48
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Windows\SysWOW64\sc.exe" sidtype CitrixBrokerService unrestricted
                                                                                                                                                                                                                        Imagebase:0x2d0000
                                                                                                                                                                                                                        File size:61'440 bytes
                                                                                                                                                                                                                        MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                        Start time:10:58:48
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                                        Start time:10:58:49
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Citrix\Broker\Service\BrokerService.exe" -Upgrade
                                                                                                                                                                                                                        Imagebase:0x19490e50000
                                                                                                                                                                                                                        File size:117'832 bytes
                                                                                                                                                                                                                        MD5 hash:CB044A172BFC56F40916FDDFB0381694
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                                        Start time:10:58:49
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                                        Start time:10:58:52
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Citrix\Broker\Service\BrokerService.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Citrix\Broker\Service\BrokerService.exe"
                                                                                                                                                                                                                        Imagebase:0x25003f60000
                                                                                                                                                                                                                        File size:117'832 bytes
                                                                                                                                                                                                                        MD5 hash:CB044A172BFC56F40916FDDFB0381694
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                                        Start time:10:58:55
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                                                                                        Imagebase:0x7ff7527e0000
                                                                                                                                                                                                                        File size:468'120 bytes
                                                                                                                                                                                                                        MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                        Start time:10:58:55
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                        Start time:10:58:58
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -Pipeline "C:\Program Files\Citrix\Broker\Service\Pipeline\"
                                                                                                                                                                                                                        Imagebase:0x2b30d5f0000
                                                                                                                                                                                                                        File size:32'840 bytes
                                                                                                                                                                                                                        MD5 hash:42B1415948404168E021518E8A5EE683
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                                        Start time:10:58:58
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:36
                                                                                                                                                                                                                        Start time:10:59:06
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\v2.73.0.0\"
                                                                                                                                                                                                                        Imagebase:0x1a1f80d0000
                                                                                                                                                                                                                        File size:32'840 bytes
                                                                                                                                                                                                                        MD5 hash:42B1415948404168E021518E8A5EE683
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                                        Start time:10:59:06
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                                        Start time:10:59:12
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Common Files\Citrix\HCLPlugins\RegisterPlugins.exe" -PluginsRoot "C:\Program Files\Common Files\Citrix\HCLPlugins\ManagedMachine\v2.5.0.0\"
                                                                                                                                                                                                                        Imagebase:0x21fd55c0000
                                                                                                                                                                                                                        File size:32'840 bytes
                                                                                                                                                                                                                        MD5 hash:42B1415948404168E021518E8A5EE683
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                                        Start time:10:59:12
                                                                                                                                                                                                                        Start date:08/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                                        No disassembly