RE_iRecord_Installer.msi

Status: finished

Submission Time: 2022-05-27 20:17:46 +02:00

Clean

Comments

Details

Analysis ID:
635361
API (Web) ID:
1002869
Analysis Started:

2022-05-27 20:17:52 +02:00
Analysis Finished:

2022-05-27 20:28:35 +02:00
MD5:
fd867ada4f27257b97cd1086e2308309
SHA1:
ef352d9be1ba30d40007d41c396a93d98ce4ea3b
SHA256:
609053e562cd36056b79d4aced7547b6ea7f7af8c0d46afc08a7fce52a292909
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	clean Score: 4	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
205.234.175.175	United States

Domains

Name	IP	Detection
vip1.g5.cachefly.net	205.234.175.175
ocp.cscglobal.com	0.0.0.0

URLs

Name	Detection
http://www.ingeo.com/2001/v2/documents
http://tempuri.org/IConfigurationWebService/GetNextePrepareIDT
http://www.ingeo.com/)
Click to see the 97 hidden entries
http://www.fonts.com
http://www.w3.o
http://www.countyaccess.com/ROD_WebServices/ROD.WebService.SynchData/Service.asmx
http://tempuri.org/IConfigurationWebService/GetNextePrepareIDResponse
http://irecord.ingeo.com/GetLatestVersionT
http://www.ingeo.com/#
http://tempuri.org/IConfigurationWebService/CopyOrganizationConfigurationsEnvToEnvResponse
https://irecordbeta.ingeo.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
http://tempuri.org/IConfigurationWebService/GetDemoXmlT
http://foo/bar/usercontrols/usercontrol_password.baml
https://www.ic-secure.com/ROD_WebServices/ROD.WebService.ProcessInstrument/Service.asmxT
http://tempuri.org/IConfigurationWebService/GetNextTransactionIDResponse
http://schemas.xceed.com/wpf/xaml/toolkit
http://tempuri.org/IConfigurationWebService/GetNextePrepareIDResponse#
http://tempuri.org/IConfigurationWebService/GetNextTransactionIDT
http://www.ingeo.com/T
http://irecord.ingeo.com/UpdatePasswordT
http://www.ingeo.com/CommandT
http://defaultcontainer/iRecord_WPF;component/usercontrols/usercontrol_password.xaml
http://irecord.ingeo.com/IsUserUniqueT
https://irecord-uat.erecording.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
http://irecord.ingeo.com/LoginWithDuoT
https://irecord-dev.erecording.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
http://tempuri.org/IConfigurationWebService/GetConnectorTransactionXmlByCountyGuidAndErIDResponse
http://irecord.ingeo.com/ImpersonateUserT
http://www.ingeo.com/AvailableCommands
https://apps.erecording.com/Portal#Reports/Main.xaml
http://www.countyaccess.com/ROD_WebServices/ROD.WebService.ProcessInstrument/Service.asmx
http://schemas.datacontract.org/2004/07/iRecord_Server.ConfigurationServicec
http://irecord.ingeo.com/UpdateAttachmentImagesT
http://www.gemedicalsystems.com/it_solutions/bamwallthickness/1.0
http://www.ingeo.com/c
http://schemas.datacontract.org/2004/07/iRecord.Common.DTOs
http://irecord.ingeo.com/SendEmailAboutUpdatedEmailT
http://tempuri.org/IConfigurationWebService/InsertOrUpdateDemoXmlResponse
http://foo/usercontrols/usercontrol_password.xaml
http://irecord.ingeo.com/-
https://irecord-uat.erecording.com/irecord_service/SignatureService/SignatureService.svc
http://www.ingeo.com/SendEmail
http://irecord.ingeo.com/PushStatusT
http://irecord.ingeo.com/ValidateResetGuidT
https://irecord.ingeo.com/irecord_service/isubmitservice/isubmit.asmxYE-a
http://www.ingeo.com/Command
https://irecord-dev.erecording.com/irecord_service/SignatureService/SignatureService.svc
http://schemas.datacontract.org/2004/07/iRecord_Server
http://irecord.ingeo.com/UnimpersonateUserT
http://tempuri.org/IConfigurationWebService/CopyOrganizationConfigurationsEnvToEnvT
https://irecord-dev.erecording.com/irecord_service/DataService/iRecordDataService.asmx
http://www.gemedicalsystems.com/it_solutions/orthoview/2.1
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://ocp.cscglobal.com/cdn/gateway/csc/logo-csc-ingeo.png
http://tempuri.org/IConfigurationWebService/IsValidFileTypeT
http://irecord.ingeo.com/T
http://irecord.ingeo.com/SendEmailT
http://irecord.ingeo.com/Q
http://www.ingeo.com/TU
http://schemas.datacontract.org/2004/07/iRecord.Common.DTOsI
https://irecordbeta.ingeo.com/irecord_service/DataService/iRecordDataService.asmx
http://irecord.ingeo.com/SendForgotPasswordEmailT
http://10.98.134.15/isubmitservice/isubmit.asmx
http://schemas.xceed.com/wpf/xaml/datagrid
https://irecord-uat.erecording.com/irecord_service/DataService/iRecordDataService.asmx
https://www.ic-secure.com/ROD_WebServices/ROD.WebService.SynchData/Service.asmx
http://tempuri.org/IConfigurationWebService/GetDemoXmlResponse
https://ocp.cscglobal.com/cdn/gateway/csc/csc-white-logo.png
http://tempuri.org/IConfigurationWebService/GetConnectorTransactionXmlByCountyGuidAndErIDT
http://irecord.ingeo.com/Y
http://www.gemedicalsystems.com/it_solutions/rad_pacs/
http://icongal.com/
http://irecord.ingeo.com/LoginT
https://irecord.ingeo.com/irecord_service/SignatureService/SignatureService.svc
http://www.ingeo.com/AvailableCommandsT
https://apps.erecording.com/Portal
http://irecord.ingeo.com/DeleteSessionT
https://www.ic-secure.com/ROD_WebServices/ROD.WebService.ProcessInstrument/Service.asmx
http://schemas.xceed.com/wpf/xaml/avalondock
http://irecord.ingeo.com/GetUserFromSessionT
https://ocp.cscglobal.com/cdn/gateway/csc/csc-logo-erecording.png
https://www.ic-secure.com/ROD_WebServices/ROD.WebService.SynchData/Service.asmx/
https://ocp.cscglobal.com/cdn/gateway/csc/csc-logo-erecording.pngXUa
http://172.17.3.125/DocConverter/DocConverter.svc
https://irecordbeta.ingeo.com/irecord_service/SignatureService/SignatureService.svc
http://tempuri.org/IConfigurationWebService/InsertOrUpdateDemoXmlT
https://ocp.cscglobal.com/cdn/gateway/csc/ere-solutions-375.png
https://irecord.ingeo.com/irecord_service/DataService/iRecordDataService.asmx
http://irecord.ingeo.com/SendOnboardingEmailT
https://ocp.cscglobal.com/
https://irecord.ingeo.com/irecord_service/isubmitservice/isubmit.asmx
https://irecord.ingeo.com/landing/assets/downloads
http://tempuri.org/IConfigurationWebService/MigrateOrganizationConfigurationsResponse
https://irecord.ingeo.com/irecord_service/ConfigurationService/ConfigurationWebService.svc
http://tempuri.org/IConfigurationWebService/IsValidFileTypeResponse
http://irecord.ingeo.com/SendTrusteeServicesNotificationEmailT
http://tempuri.org/IConfigurationWebService/MigrateOrganizationConfigurationsT
https://irecord.ingeo.com/irecord_service/iSubmitService/iSubmit.asmx
https://ocp.cscglobal.com/cdn/gateway/csc/favicon.ico
http://irecord.ingeo.com/ValidateSessionGuidT

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\Desktop\CSC iRecord.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 23 22:26:54 2022, mtime=Sat May 28 02:19:37 2022, atime=Wed Mar 23 22:26:54 2022, length (…)	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CSC\CSC iRecord.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Wed Mar 23 22:26:54 2022, mtime=Sat May 28 02:19:37 2022, atime=Wed Mar 23 22:26:54 2022, length=7406080, window=hide	#
Click to see the 70 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Installer\{FD00B0DF-1F5A-4C9D-B945-7531468B5011}\iRecord.ico	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	#
C:\Users\user\AppData\Local\Temp\MSI4103.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\zxcvbn.net.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\jint.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe.manifest	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe.config	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord_WPF.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\Installer\3e4f5a.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Code page: 1252, Title: Installation Database, Subject: iRecord, Author: CSC, Keywords: Installer, Comments: Published by CSC. Email csc-help@cscglobal.com fo (…)	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecordBO.XmlSerializers.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Core.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\iRecord.Common.XmlSerializers.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.Toolkit.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.DataGrid.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.VS2010.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\Temp\~DF45EDC06B6870A1DF.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DFFD954F6991C0C478.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DFCF776D88B734425A.TMP	data	#
C:\Windows\Temp\~DFCC7FD97F2AC2B8FF.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DFBB1896EEEADE2A86.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DFA264E91955F0F9BB.TMP	data	#
C:\Windows\Temp\~DF9C089A12CD524806.TMP	data	#
C:\Windows\Temp\~DF6A82DB31D22522C0.TMP	data	#
C:\Windows\Temp\~DF4EEB3C2A0EFB1260.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Metro.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\Temp\~DF3D0A1F559312791D.TMP	data	#
C:\Windows\Temp\~DF2B6CA314E64CFCAF.TMP	data	#
C:\Windows\Temp\~DF170E0BA94479F3D4.TMP	data	#
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Installer\SourceHash{FD00B0DF-1F5A-4C9D-B945-7531468B5011}	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Installer\MSI698A.tmp	data	#
C:\Windows\Installer\3e4f5c.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Code page: 1252, Title: Installation Database, Subject: iRecord, Author: CSC, Keywords: Installer, Comments: Published by CSC. Email csc-help@cscglobal.com fo (…)	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.DataVisualization.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.Common.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.V8.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\JavaScriptEngineSwitcher.Core.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Hexasoft.Zxcvbn.pdb	MSVC program database ver 7.00, 512*59 bytes	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Hexasoft.Zxcvbn.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.jbig2.encoder.64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.ProcessingObjectModel.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.image.gdimgplug.64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.filters.64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\GdPicture.NET.12.barcode.1d.reader.64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\ClearScript.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\BarcodeLib.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Net.Http.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Expression.pdb	MSVC program database ver 7.00, 512*63 bytes	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Expression.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Xceed.Wpf.AvalonDock.Themes.Aero.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\WPFToolkit.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Layout.Toolkit.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.Input.Toolkit.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.DataVisualization.Toolkit.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\System.Windows.Controls.DataVisualization.Toolkit.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Config.Msi\3e4f5b.rbs	data	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Signature.XmlSerializers.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET.xml	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\ScintillaNET FindReplaceDialog.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WinForms.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WebForms.xml	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Programs\CSC\iRecord\Microsoft.ReportViewer.WebForms.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#

RE_iRecord_Installer.msi

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

RE_iRecord_Installer.msi Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

RE_iRecord_Installer.msi